| Summary: | app-forensics/chkrootkit - /etc/cron.weekly/chkrootkit: find reads entire file system disk because HOME is not set | ||
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Johannes Buchner <buchner.johannes> |
| Component: | Current packages | Assignee: | No maintainer - Look at https://wiki.gentoo.org/wiki/Project:Proxy_Maintainers if you want to take care of it <maintainer-needed> |
| Status: | RESOLVED TEST-REQUEST | ||
| Severity: | normal | CC: | randalla |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| See Also: | https://github.com/gentoo/gentoo/pull/6952 | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
--- /usr/sbin/chkrootkit 2018-01-23 14:16:12.129713688 +0000 +++ chkrootkit-fixed 2018-01-23 14:16:44.708953781 +0000 @@ -20,6 +20,12 @@ CHECK_WTMPX="/usr/sbin/check_wtmpx" STRINGS="/usr/sbin/strings-static" +#https://bugs.gentoo.org/509000 - Default to /root/ if $HOME is not set +if [ -z "$HOME"] +then + export HOME=/root/ +fi + ### workaround for some Bourne shell implementations unalias login > /dev/null 2>&1 unalias ls > /dev/null 2>&1

(In reply to Johannes Buchner from comment #0)
> At some point in the shell script chkrootkit, the following line is executed
>
> files=`${find} ${ROOTDIR}${HOME} ${findargs} -name '.*history' -size 0`
>
> I believe this is meant to search the home directory of the root user.
> Unfortunately, HOME is not set, and ${ROOTDIR}${HOME} is evaluated as / .

Actually it only runs that line if ${HOME} is not empty:

> if [ ! -z "${SHELL}" -a ! -z "${HOME}" ]; then
> files=`${find} ${ROOTDIR}${HOME} ${findargs} -name '.*history' -size 0`

Please retry with 0.52 and, if still failing, please report to upstream http://www.chkrootkit.org/

Thanks
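
Review bot: In the patch to /usr/sbin/chkrootkit above, the added test `if [ -z "$HOME"]` has no space before the closing `]`, so the bracket is glued to the expanded value. With HOME empty the word collapses to a bare `]`, the test becomes `[ -z ]`, and it succeeds only by accident; with HOME set (for example /root) the shell sees `[ -z /root]` and `[` fails with a missing `]` error on stderr each time the script runs. Please write it as `if [ -z "${HOME}" ]` so the default is applied deliberately and the script stays silent when HOME is already set.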
I set up app-forensics/chkrootkit-0.49 through /etc/cron.weekly/chkrootkit (installed, but not activated, by default). This script contains only one line, namely

    exec /usr/sbin/chkrootkit -q

Perhaps it should also contain

    renice -n +20 -p $$
    ionice -c3 -p $$

but that is another issue.

At some point in the shell script chkrootkit, the following line is executed

    files=`${find} ${ROOTDIR}${HOME} ${findargs} -name '.*history' -size 0`

I believe this is meant to search the home directory of the root user. Unfortunately, HOME is not set, and ${ROOTDIR}${HOME} is evaluated as / . This means, the entire hard drive is searched, and causes a lot of interference with normal working (massive I/O).

The solution to this bug (I think) is to set the HOME variable in the script:

    export HOME=/root/

Reproducible: Always

Steps to Reproduce:
1. activate /etc/cron.weekly/chkrootkit
2. wait until run

Actual Results: find causes massive I/O

Expected Results: quickly finish searching in the relevant directories only
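
The expansion discussed in this report, and a guarded alternative, as an added example that is not chkrootkit or Gentoo code. The function names, the `/root` default and the `-xdev` option are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: hypothetical helpers, not taken from chkrootkit.

# Plain "${ROOTDIR}${HOME}" expansion as used in the line from the report.
# $1 = ROOTDIR, $2 = the HOME value the script sees (may be empty).
search_root() {
    printf '%s\n' "${1}${2}"
}

# Same expansion with two guards: default HOME to /root when it is empty
# (assumption: root's home is /root), and refuse to return "/" itself.
safe_search_root() {
    rootdir=$1
    home=${2:-/root}
    # Collapse repeated slashes and drop a trailing slash (except on "/").
    path=$(printf '%s' "${rootdir}${home}" | sed 's|//*|/|g; s|\(.\)/$|\1|')
    if [ "$path" = "/" ]; then
        echo "refusing to scan the filesystem root" >&2
        return 1
    fi
    printf '%s\n' "$path"
}

# The empty-history check from the report, run against the guarded path.
# -xdev keeps find on one filesystem (added precaution, not on the page).
empty_history_files() {
    dir=$(safe_search_root "$1" "$2") || return 1
    find "$dir" -xdev -name '.*history' -size 0 2>/dev/null
}
```

Calling `search_root / ""` returns `/`, which is the whole-disk scan described above; `safe_search_root / ""` returns `/root` instead.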