| Summary: | app-forensics/chkrootkit chkutmp seg fault | | |
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Stewart Gebbie <sggentoo> |
| Component: | Current packages | Assignee: | Gentoo Linux bug wranglers <bug-wranglers> |
| Status: | RESOLVED DUPLICATE | | |
| Severity: | normal | | |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Package list: | | Runtime testing required: | --- |

*** This bug has been marked as a duplicate of bug 184962 ***

When running chkrootkit, chkutmp produces a seg fault which can be seen in the output as:

    Checking `chkutmp'... /root/chkrootkit/chkrootkit: line 181: 1541 Segmentation fault ${CHKUTMP}

After some investigation it seems to be related to buffer overruns in chkutmp that occur when the command line is longer than expected.

Note, however, that the seg fault is dependent on compiler flags. On my system I do not get the problem if compiled with no optimisations. However, with -O2 the seg fault occurs.

Reproducible: Always

Steps to Reproduce:
1. ensure that you have a program running with a very long command line > 1024
2. run chkrootkit
3. note failure at chkutmp

Actual Results:

    Checking `chkutmp'... /root/chkrootkit/chkrootkit: line 181: 1541 Segmentation fault ${CHKUTMP}

Expected Results:
probably a blank line

I have debugged chkutmp.c and found some problems. I have posted the modifications to the chkrootkit maintainers. However, it would be good if these could be included as a patch in the gentoo portage tree until a new version of chkrootkit is released.

The modified code can be fetched from: http://www.gethos.net/~stewart/gentoo/chkutmp.c
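
The failure class described in the report (a process command line longer than the parser expects) as an added example; this is not chkutmp's code and not the reporter's patch. It parses `ps`-style records with bounded copies, flags truncated fields, and drains the remainder of a line that exceeds the read buffer. The `PID TTY ARGS` record layout, the sizes `READ_MAX` and `ARGS_MAX`, and all function names are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define READ_MAX 1024 /* assumed read-buffer size, not taken from chkutmp.c */
#define ARGS_MAX 256  /* assumed field size, not taken from chkutmp.c */

struct proc_entry { int pid; char tty[16]; char args[ARGS_MAX]; int truncated; };

/* Copy at most dstsz-1 bytes, always NUL-terminate; return 1 if src did not fit. */
static int copy_bounded(char *dst, size_t dstsz, const char *src, size_t len)
{
    size_t n = len < dstsz - 1 ? len : dstsz - 1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return len > n;
}

/* Parse one "PID TTY ARGS..." record; return 0 on success, -1 if malformed. */
static int parse_record(const char *line, struct proc_entry *e)
{
    char *p;
    long pid = strtol(line, &p, 10);
    if (p == line || pid <= 0) return -1;
    p += strspn(p, " \t");
    size_t n = strcspn(p, " \t\n");
    if (n == 0) return -1;
    e->pid = (int)pid;
    e->truncated = copy_bounded(e->tty, sizeof e->tty, p, n);
    p += n + strspn(p + n, " \t");
    e->truncated |= copy_bounded(e->args, sizeof e->args, p, strcspn(p, "\n"));
    return 0;
}

/* Read records from fp into out[0..max-1]; return how many were stored. */
int scan_ps_stream(FILE *fp, struct proc_entry *out, int max)
{
    char buf[READ_MAX];
    int count = 0, c;
    while (count < max && fgets(buf, sizeof buf, fp)) {
        int cut = 0;
        /* Over-long line: discard its tail so it is not parsed as a new record. */
        if (!strchr(buf, '\n'))
            while ((c = fgetc(fp)) != EOF && c != '\n') cut = 1;
        if (parse_record(buf, &out[count]) == 0)
            out[count++].truncated |= cut;
    }
    return count;
}
```

A caller can treat `truncated` as "command line was clipped" instead of relying on the input fitting the buffers.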