Description of problem: chkrootkit reports a syntax error while performing check for chsh Steps to Reproduce: [root@localhost ~]# LC_ALL=C chkrootkit chsh ROOTDIR is `/' Checking `chsh'... /usr/sbin/chkrootkit: ligne 1476 : [: : integer expression expected not infected [root@localhost ~]# changing line 1475 by adding a leading '0' (see diff below) suppresses the error but I have not yet verified that is the expected behaviour (test for Fedora distrib). Any suggestion? --- /root/tmp/chkrootkit 2021-04-14 12:47:20.555640465 +0200 +++ /root/tmp/chkrootkit2 2021-04-14 12:47:49.735740997 +0200 @@ -1472,7 +1472,7 @@ REDHAT_PAM_LABEL="*NOT*" GENERIC_ROOTKIT_FEDORA=${GENERIC_ROOTKIT_LABEL} if [ -f /etc/system-release ]; then - v=`${egrep} -i fedora /etc/system-release | cut -d " " -f 3` + v="0"`${egrep} -i fedora /etc/system-release | cut -d " " -f 3` if [ "$v" -gt "32" ]; then GENERIC_ROOTKIT_FEDORA="bash|elite$|vejeta|\.ark|iroffer" fi
CC: (none) => dvgevers
Thank you for the report and detailed diagnosis. This SRPM has no registered maintainer, and is done by different people; so assigning the bug globally.
Assignee: bugsquad => pkg-bugs
Instead of adding a 0, if you change fedora to mageia, does it work?
CC: (none) => luigiwalser
Sorry for the delay. Well, it works but the test checks for Fedora release number to verify if the release is newer than 32 (release date: april 2020). If the test succeeds (ie fedora release >= 32), it suppresses the pattern '^/bin/.*sh$' in the search of strings in the chsh binary (found in $PATH). Just change 'fedora' to 'mageia' would make no sense. I do not have any string matching the pattern in my system. I suggest that the test should return 0 to indicate that the system is not a fedora release greater than 32.
How about changing "fedora" to "mageia" and "32" to "7" ?
I think the bug was introduced as a regression from the bug fix related to: https://bugzilla.redhat.com/show_bug.cgi?id=1904328 I emailed the authors of chkrootkit.
chkrootkit version 0.55 fixes this bug (with the patch above). v0.55 is used in the Cauldron package, but do we backport to this release version (either with the patch above or by using chkrootkit v0.55)?
(In reply to David Walser from comment #4) > How about changing "fedora" to "mageia" and "32" to "7" ? Can you answer this question please? (In reply to Christophe Nanteuil from comment #6) > chkrootkit version 0.55 fixes this bug (with the patch above). > v0.55 is used in the Cauldron package, but do we backport to this release > version (either with the patch above or by using chkrootkit v0.55)? In other words 0.55 doesn't fix it. Once we determine how to actually fix it properly, I do think we should update Mageia 8 to the latest. (In reply to Christophe Nanteuil from comment #5) > I think the bug was introduced as a regression from the bug fix related to: > https://bugzilla.redhat.com/show_bug.cgi?id=1904328 > > I emailed the authors of chkrootkit. Did you get a response from them?
Changing "fedora" to "mageia" does not make sense to me as the test is a workaround for a false positive specific to fedora distrib. The chkrootkit developers included my patch in v0.55 the day after I emailed them. They did not notify me, so I only noticed last week.
The website for chkrootkit is currently down, but the changelog for 0.55 is: 06/10/2021 - Version 0.55 Umbreon Linux Rootkit detection Kinsing.A Backdoor RotaJakito Backdoor Minor bug fixes chkrootkit-0.55-1.mga8 from chkrootkit-0.55-1.mga8.src.rpm
Assignee: pkg-bugs => qa-bugsVersion: Cauldron => 8Summary: chkrootkit reports error during checking chsh => chkrootkit reports error during checking chsh (fixed in 0.55)
CC: (none) => mageia
MGA8-64 Plasma on Lenovo B50 in Dutch No installation issues Used command specified above: # LC_ALL=C chkrootkit chsh ROOTDIR is `/' Checking `chsh'... not infected No error as discussed above, so I suppose this is good, but plse correct me if necessary.
Whiteboard: (none) => MGA8-64-OKCC: (none) => herman.viaene
Installed and tested without issues. System: Mageia 8, x86_64, Intel CPU. # chkrootkit <SNIP lots of nothing found/not infected/nothing detected> $ uname -a Linux marte 5.15.6-desktop-2.mga8 #1 SMP Sat Dec 4 17:31:49 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux $ rpm -q chkrootkit chkrootkit-0.55-1.mga8
Great! Thanks.
Validating.
Keywords: (none) => validated_updateCC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGAA-2021-0233.html
Status: NEW => RESOLVEDResolution: (none) => FIXED