Bug 1904328 - chkrootkit thinks /usr/bin/chsh is infected on Fedora 33
Summary: chkrootkit thinks /usr/bin/chsh is infected on Fedora 33
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: chkrootkit
Version: 33
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Gwyn Ciesla
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2020-12-04 05:43 UTC by P D
Modified: 2021-01-02 01:50 UTC (History)
2 users (show)

Fixed In Version: chkrootkit-0.54-1.fc33 chkrootkit-0.54-1.fc32
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-01-02 01:08:54 UTC
Type: Bug
Embargoed:

Attachments (Terms of Use)

Description P D 2020-12-04 05:43:42 UTC 
Description of problem:

On Fedora 33 with latest updates installed via DNF, chkrootkit thinks /usr/bin/chsh is infected, and displays the INFECTED warning.

Version-Release number of selected component (if applicable):

chkrootkit-0.53-4.fc33.x86_64
util-linux-user-2.36-3.fc33.x86_64

How reproducible:

100%

Steps to Reproduce:
1. Run chkrootkit
2. Look at the logs
3. Notice the line "Checking `chsh'... INFECTED"

Actual results:

Chkrootkit claims chsh is infected.

Expected results:

Chkrootkit should not falsely claim this executable is infected. (I'm assuming this is a false positive, I have experienced the same issue on two machines)

Additional info:

Chkrootkit is old and probably unmaintained so issues like this will arise from time to time.
Comment 1 Gwyn Ciesla 2020-12-07 17:28:21 UTC 
Emailed upstream maintainers.
Comment 2 Gwyn Ciesla 2020-12-08 14:35:23 UTC 
Upstream says this will be fixed in the new release coming out in the next few days.
Comment 3 Fedora Update System 2020-12-24 18:56:27 UTC 
FEDORA-2020-d5928daf95 has been submitted as an update to Fedora 33. https://bodhi.fedoraproject.org/updates/FEDORA-2020-d5928daf95
Comment 4 Fedora Update System 2020-12-25 02:06:17 UTC 
FEDORA-2020-d5928daf95 has been pushed to the Fedora 33 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2020-d5928daf95`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-d5928daf95

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Comment 5 Fedora Update System 2020-12-25 02:12:29 UTC 
FEDORA-2020-e27eafb144 has been pushed to the Fedora 32 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2020-e27eafb144`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-e27eafb144

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Comment 6 P D 2020-12-25 19:34:42 UTC 
Confirmed fixed, thanks.
Comment 7 Fedora Update System 2021-01-02 01:08:54 UTC 
FEDORA-2020-d5928daf95 has been pushed to the Fedora 33 stable repository.
If problem still persists, please make note of it in this bug report.
Comment 8 Fedora Update System 2021-01-02 01:50:16 UTC 
FEDORA-2020-e27eafb144 has been pushed to the Fedora 32 stable repository.
If problem still persists, please make note of it in this bug report.
Note You need to log in before you can comment on or make changes to this bug.