Bug 113588 - chkrootkit reports ps, netstat infected if CFLAGS includes -g
Status: RESOLVED UPSTREAM
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: High minor
Assignee: Gentoo Linux bug wranglers
Reported: 2005-11-25 14:05 UTC by Mark Purtill
Modified: 2005-11-25 14:12 UTC (History)


Attachments
Here's the complete output of chkrootkit -q showing ps and netstat INFECTED (chkrootkit.out, 7.55 KB, text/plain)
2005-11-25 14:09 UTC, Mark Purtill
Description Mark Purtill 2005-11-25 14:05:06 UTC
chkrootkit reports ps and netstat are INFECTED if their respective packages
(sys-process/procps-3.2.5-r1 and sys-apps/net-tools-1.60-r11) are emerged with
CFLAGS="-O2 -g".  It doesn't report anything else interesting.  If I change
CFLAGS to "" or "-O2" and re-emerge those packages, then they are reported as
not infected (so I assume the INFECTED indication is a false positive).

Here is the output of emerge info:

Portage 2.0.51.22-r3 (default-linux/x86/2005.0, gcc-3.3.6, glibc-2.3.5-r2,
2.6.13-gentoo-r3 i686)
=================================================================
System uname: 2.6.13-gentoo-r3 i686 AMD Athlon(tm) XP 1900+
Gentoo Base System version 1.6.13
dev-lang/python:     2.3.5-r2, 2.4.2
sys-apps/sandbox:    1.2.12
sys-devel/autoconf:  2.13, 2.59-r6
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1
sys-devel/binutils:  2.15.92.0.2-r10
sys-devel/libtool:   1.5.20
virtual/os-headers:  2.6.11-r2
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-g -O2"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3.1/share/config
/usr/kde/3.2/share/config /usr/kde/3.3/env /usr/kde/3.3/share/config
/usr/kde/3.3/shutdown /usr/kde/3.5/env /usr/kde/3.5/share/config
/usr/kde/3.5/shutdown /usr/kde/3/share/config /usr/lib/X11/xkb
/usr/lib/mozilla/defaults/pref /usr/share/config
/usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/
/usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/
/usr/share/texmf/xdvi/ /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-g -O2"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig distlocks fixpackages nostrip sandbox sfperms strict userpriv"
GENTOO_MIRRORS="http://gentoo.osuosl.org/ ftp://gentoo.ccccom.com
ftp://ftp.gtlib.cc.gatech.edu/pub/gentoo http://mirror.datapipe.net/gentoo
http://gentoo.mirrors.easynews.com/linux/gentoo/ http://gentoo.ccccom.com"
LANG="en_US.UTF-8"
LC_ALL="en_US.UTF-8"
LINGUAS="en ja"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.namerica.gentoo.org/gentoo-portage"
USE="x86 3dnow X Xaw3d aalib acl alsa apm arts audiofile avi berkdb bindist
bitmap-fonts bzip2 canna cdr cjk crypt cups curl debug doc dvd eds emboss encode
esd exif expat fam flac foomaticdb fortran freetype freewnn gd gdbm gif glut gmp
gnome gpm gstreamer gtk gtk2 guile idn imagemagick imlib ipv6 java joystick jpeg
junit kde kdexdeltas lcms libg++ libwww mad maildir mbox mikmod mng mozilla
mozsvg mp3 mpeg mule ncurses nls noantlr nobcel nobeanutils nobsh
nocommonslogging nocommonsnet nodrm nojdepend nojsch nojython nolog4j nooro
noregexp norhino noxalan noxerces ogg oggvorbis openal opengl oss pam pcre
pdflib perl pic png python qt quicktime readline ruby scanner sdl slang speex
spell sse ssl svga tcltk tcpd tetex tiff truetype truetype-fonts type1-fonts
udev unicode usb vorbis wmf xine xinerama xml xml2 xmms xv xvid zlib
video_cards_matrox linguas_en linguas_ja userland_GNU kernel_linux elibc_glibc"
Unset:  ASFLAGS, CTARGET, LDFLAGS, MAKEOPTS
Comment 1 Mark Purtill 2005-11-25 14:09:43 UTC
Created attachment 73613
Here's the complete output of chkrootkit -q showing ps and netstat INFECTED

I get essentially the same output (different process numbers), except with ps
and netstat not showing as infected, when I re-emerge the affected packages
with CFLAGS not containing -g.
Comment 2 Jakub Moc (RETIRED) gentoo-dev 2005-11-25 14:12:51 UTC
Hmmm... This needs to be fixed upstream. See http://www.chkrootkit.org/ - 
Contacting the Authors at the bottom of the page.