Subject: Re: ports chkrootkit wrongly says login is INFECTED
To: Tobias Schuepp <spam@schuepp.net>
From: David Maxwell <david@crlf.net>
List: netbsd-users
Date: 03/01/2005 10:03:10
On Tue, 01 Mar 2005, Tobias Schuepp wrote:
>  <buce <at> denebx.net> writes:
> 
> > I'm relatively sure it's not.
> > 
> > Someone mind sanity checking this?
> > 
> > SHA1 (/usr/bin/login) = 227f69df03ad128d16caf811a85824fe65c29588
> 
> Got the same hash. And i get the same error. Maybe someone should inform the 
> port maintainer.

This sounds familliar.

I believe this has come up before, and was due to a bug in chkrootkit.
It had some expectation of the behaviour of a command line utility - and
its expectation caused a broken pipeline, which results in an incorrect
result.

-- 
David Maxwell, david@vex.net|david@maxwell.net --> Mastery of UNIX, like
mastery of language, offers real freedom. The price of freedom is always dear,
but there's no substitute. Personally, I'd rather pay for my freedom than live
in a bitmapped, pop-up-happy dungeon like NT. - Thomas Scoville