Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 509000 - app-forensics/chkrootkit - /etc/cron.weekly/chkrootkit: find reads entire file system disk because HOME is not set
Summary: app-forensics/chkrootkit - /etc/cron.weekly/chkrootkit: find reads entire fil...
Status: RESOLVED TEST-REQUEST
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal
Assignee: No maintainer - Look at https://wiki.gentoo.org/wiki/Project:Proxy_Maintainers if you want to take care of it
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2014-04-28 19:48 UTC by Johannes Buchner
Modified: 2018-07-11 14:17 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Johannes Buchner 2014-04-28 19:48:24 UTC 
I set up app-forensics/chkrootkit-0.49 through /etc/cron.weekly/chkrootkit (installed, but not activated, by default).
This script contains only one line, namely

exec /usr/sbin/chkrootkit -q

Perhaps it should also contain
  renice -n +20 -p $$
  ionice -c3 -p $$
but that is another issue.

At some point in the shell script chkrootkit, the following line is executed 

files=`${find} ${ROOTDIR}${HOME} ${findargs} -name '.*history' -size 0`

I believe this is meant to search the home directory of the root user. Unfortunately, HOME is not set, and ${ROOTDIR}${HOME} is evaluated as / .
This means, the entire hard drive is searched, and causes a lot of interference with normal working (massive I/O).

The solution to this bug (I think) is to set the HOME variable in the script:

export HOME=/root/






Reproducible: Always

Steps to Reproduce:
1. activate /etc/cron.weekly/chkrootkit
2. wait until run
Actual Results:  
find causes massive I/O

Expected Results:  
quickly finish searching in the relevant directories only
Comment 1 Jordy Zomer 2018-01-23 14:18:14 UTC 
--- /usr/sbin/chkrootkit	2018-01-23 14:16:12.129713688 +0000
+++ chkrootkit-fixed	2018-01-23 14:16:44.708953781 +0000
@@ -20,6 +20,12 @@
 CHECK_WTMPX="/usr/sbin/check_wtmpx"
 STRINGS="/usr/sbin/strings-static"

+#https://bugs.gentoo.org/509000 - Default to /root/ if $HOME is not set
+if [ -z "$HOME"]
+then
+	export HOME=/root/
+fi
+
 ### workaround for some Bourne shell implementations
 unalias login > /dev/null 2>&1
 unalias ls > /dev/null 2>&1
Comment 2 Diogo Pereira 2018-02-15 20:03:26 UTC 
(In reply to Johannes Buchner from comment #0)
> At some point in the shell script chkrootkit, the following line is executed 
> 
> files=`${find} ${ROOTDIR}${HOME} ${findargs} -name '.*history' -size 0`
> 
> I believe this is meant to search the home directory of the root user.
> Unfortunately, HOME is not set, and ${ROOTDIR}${HOME} is evaluated as / .

Actually it only runs that line if ${HOME} is not empty:

>   if [ ! -z "${SHELL}" -a ! -z "${HOME}" ]; then
>      files=`${find} ${ROOTDIR}${HOME} ${findargs} -name '.*history' -size 0`
Comment 3 Pacho Ramos gentoo-dev 2018-07-11 14:17:19 UTC 
please retry with 0.52 and, if still failing, please report to upstream
http://www.chkrootkit.org/

Thanks