Description of problem: I'm not sure if this is a duplicate of bug 577979 (https://bugzilla.redhat.com/show_bug.cgi?id=577979), but just in case I detail it here... Just upgraded from F11 to F13. Installed chkrootkit using yum. It installed chkrootkit-0.48-14.fc12.i686. On each run of chkrootkit it declares: Checking `chkutmp'... *** stack smashing detected ***: ./chkutmp terminated ======= Backtrace: ========= /lib/libc.so.6(__fortify_fail+0x4d)[0x8bbfcd] /lib/libc.so.6[0x8bbf7a] ./chkutmp[0x8048b1a] ./chkutmp[0x8048b6c] /lib/libc.so.6(__libc_start_main+0xe6)[0x7dacc6] ./chkutmp[0x8048681] ======= Memory map: ======== 007a2000-007c0000 r-xp 00000000 08:06 67810 /lib/ld-2.12.so 007c0000-007c1000 r--p 0001d000 08:06 67810 /lib/ld-2.12.so 007c1000-007c2000 rw-p 0001e000 08:06 67810 /lib/ld-2.12.so 007c4000-00949000 r-xp 00000000 08:06 68736 /lib/libc-2.12.so 00949000-0094a000 ---p 00185000 08:06 68736 /lib/libc-2.12.so 0094a000-0094c000 r--p 00185000 08:06 68736 /lib/libc-2.12.so 0094c000-0094d000 rw-p 00187000 08:06 68736 /lib/libc-2.12.so 0094d000-00950000 rw-p 00000000 00:00 0 00a1e000-00a1f000 r-xp 00000000 00:00 0 [vdso] 05408000-05425000 r-xp 00000000 08:06 37890 /lib/libgcc_s-4.4.4-20100630.so.1 05425000-05426000 rw-p 0001d000 08:06 37890 /lib/libgcc_s-4.4.4-20100630.so.1 08048000-0804a000 r-xp 00000000 08:06 272597 /usr/lib/chkrootkit-0.48/chkutmp 0804a000-0804b000 rw-p 00001000 08:06 272597 /usr/lib/chkrootkit-0.48/chkutmp 08462000-08483000 rw-p 00000000 00:00 0 [heap] b78dc000-b78dd000 rw-p 00000000 00:00 0 b78ec000-b78ed000 rw-p 00000000 00:00 0 bf813000-bf98f000 rw-p 00000000 00:00 0 [stack] /usr/lib/chkrootkit-0.48/chkrootkit: line 172: 18748 Aborted (core dumped) ./chkutmp Version-Release number of selected component (if applicable): chkrootkit-0.48-14.fc12.i686 How reproducible: Every Time Steps to Reproduce: 1. Install Fedora 13 2. Yum install chkrootkit 3. chkrootkit Actual results: See above Expected results: Additional info:
0.49 is in koji for f14, and should work on f13. Can you test and see if this fixes your issue? If so I can build for f13 and push as an update. Thanks! http://koji.fedoraproject.org/koji/buildinfo?buildID=162682
Nope. Sorry. Same problem... # yum remove chkrootkit Erasing : chkrootkit-0.48-14.fc12.i686 Removed: chkrootkit.i686 0:0.48-14.fc12 Complete! # rpm -Uvh chkrootkit-0.49-1.fc14.i686.rpm Preparing... ########################################### [100%] 1:chkrootkit ########################################### [100%] # chkrootkit ... Checking `slapper'... not infected Checking `z2'... chklastlog: nothing deleted Checking `chkutmp'... *** stack smashing detected ***: ./chkutmp terminated ======= Backtrace: ========= /lib/libc.so.6(__fortify_fail+0x4d)[0x8bbfcd] /lib/libc.so.6[0x8bbf7a] ./chkutmp[0x8048b22] ./chkutmp[0x8048b6c] /lib/libc.so.6(__libc_start_main+0xe6)[0x7dacc6] ./chkutmp[0x8048681] ======= Memory map: ======== 007a2000-007c0000 r-xp 00000000 08:06 67810 /lib/ld-2.12.so 007c0000-007c1000 r--p 0001d000 08:06 67810 /lib/ld-2.12.so 007c1000-007c2000 rw-p 0001e000 08:06 67810 /lib/ld-2.12.so 007c4000-00949000 r-xp 00000000 08:06 68736 /lib/libc-2.12.so 00949000-0094a000 ---p 00185000 08:06 68736 /lib/libc-2.12.so 0094a000-0094c000 r--p 00185000 08:06 68736 /lib/libc-2.12.so 0094c000-0094d000 rw-p 00187000 08:06 68736 /lib/libc-2.12.so 0094d000-00950000 rw-p 00000000 00:00 0 00e51000-00e52000 r-xp 00000000 00:00 0 [vdso] 05408000-05425000 r-xp 00000000 08:06 37890 /lib/libgcc_s-4.4.4-20100630.so.1 05425000-05426000 rw-p 0001d000 08:06 37890 /lib/libgcc_s-4.4.4-20100630.so.1 08048000-0804a000 r-xp 00000000 08:06 272588 /usr/lib/chkrootkit-0.49/chkutmp 0804a000-0804b000 rw-p 00001000 08:06 272588 /usr/lib/chkrootkit-0.49/chkutmp 09094000-090b5000 rw-p 00000000 00:00 0 [heap] b7855000-b7856000 rw-p 00000000 00:00 0 b7865000-b7866000 rw-p 00000000 00:00 0 bf7b6000-bf931000 rw-p 00000000 00:00 0 [stack] /usr/lib/chkrootkit-0.49/chkrootkit: line 195: 28971 Aborted (core dumped) ./chkutmp Checking `OSX_RSPLUG'... not infected
*Please* redirect the output of ps ax -o "tty,pid,ruser,args" to a file and attach it.
Please also run "debuginfo-install -y chkrootkit" as root user to complete the missing details in the backtrace. (I wonder why ABRT doesn't catch this crash?)
Created attachment 453526 [details] Result of ps ax -o "tty,pid,ruser,args"
Well I ran the debug-info command which installed the following packages: glibc-debuginfo-2.12.1-2.i686 yum-plugin-auto-update-debug-info-1.1.28-1.fc13.noarch If this should have produced more detailed output from the cron job I'm not sure it worked. Here is the output from last night's run: *** stack smashing detected ***: ./chkutmp terminated ======= Backtrace: ========= /lib/libc.so.6(__fortify_fail+0x4d)[0x426fdd] /lib/libc.so.6(+0x389f8a)[0x426f8a] ./chkutmp[0x8048b22] ./chkutmp[0x8048b6c] /lib/libc.so.6(__libc_start_main+0xe6)[0x345cc6] ./chkutmp[0x8048681] ======= Memory map: ======== 0024d000-0026a000 r-xp 00000000 08:06 9530 /lib/libgcc_s-4.4.4-20100630.so.1 0026a000-0026b000 rw-p 0001d000 08:06 9530 /lib/libgcc_s-4.4.4-20100630.so.1 00270000-0028e000 r-xp 00000000 08:06 5744 /lib/ld-2.12.1.so 0028e000-0028f000 r--p 0001d000 08:06 5744 /lib/ld-2.12.1.so 0028f000-00290000 rw-p 0001e000 08:06 5744 /lib/ld-2.12.1.so 0032e000-0032f000 r-xp 00000000 00:00 0 [vdso] 0032f000-004b4000 r-xp 00000000 08:06 5745 /lib/libc-2.12.1.so 004b4000-004b5000 ---p 00185000 08:06 5745 /lib/libc-2.12.1.so 004b5000-004b7000 r--p 00185000 08:06 5745 /lib/libc-2.12.1.so 004b7000-004b8000 rw-p 00187000 08:06 5745 /lib/libc-2.12.1.so 004b8000-004bb000 rw-p 00000000 00:00 0 08048000-0804a000 r-xp 00000000 08:06 264209 /usr/lib/chkrootkit-0.49/chkutmp 0804a000-0804b000 rw-p 00001000 08:06 264209 /usr/lib/chkrootkit-0.49/chkutmp 09aab000-09acc000 rw-p 00000000 00:00 0 [heap] b774c000-b774d000 rw-p 00000000 00:00 0 b775d000-b775e000 rw-p 00000000 00:00 0 bf850000-bf9cb000 rw-p 00000000 00:00 0 [stack] /usr/lib/chkrootkit-0.49/chkrootkit: line 195: 18558 Aborted (core dumped) ./chkutmp I have attached the output from the ps command which you can find in the previous comment. Thanks for your help so far...
Odd. For the chkrootkit-0.49 build from koji you would need the corresponding chkrootkit-debuginfo package, though. But perhaps whatever intercepts those crashes on your machine, creates an incomplete backtrace. With the output from "ps" I could not reproduce a crash. Thank you for attaching it. If you don't mind giving another package a try, here's a scratch-build for Fedora 13 i686 in koji, http://koji.fedoraproject.org/koji/taskinfo?taskID=2535549 it includes the fix for bug 577979 and corrects another problem. You may need to "rpm --oldpackage -Uvh ..." it because you've installed a .fc14 package before.
Well it's so long since I've had a working version I can't remember what the output should look like (!) The output seems a bit shorter than I remember - But with that version I no longer get the stack smashing! Here's the start and end of the run (I can send the whole output if required). Does it look OK to you? I think this is progress. Thank you so much! # chkrootkit ROOTDIR is `/' Checking `amd'... not found Checking `basename'... not infected [Snip...] Checking `slapper'... not infected Checking `z2'... chklastlog: nothing deleted Checking `chkutmp'... The tty of the following user process(es) were not found in /var/run/utmp ! ! RUID PID TTY CMD ! root 1783 tty1 /usr/bin/Xorg :0 -nr -verbose -auth /var/run/gdm/auth-for-gdm-mpm0uP/database -nolisten tcp vt1 chkutmp: nothing deleted Checking `OSX_RSPLUG'... not infected #
Created attachment 453570 [details] updated chkrootkit-0.49-chkutmp-outofbounds.patch combined fixes for bug 577979 and bug 626067
Thanks! I'll get this out.
chkrootkit-0.49-2.fc13 has been submitted as an update for Fedora 13. https://admin.fedoraproject.org/updates/chkrootkit-0.49-2.fc13
chkrootkit-0.49-2.fc12 has been submitted as an update for Fedora 12. https://admin.fedoraproject.org/updates/chkrootkit-0.49-2.fc12
chkrootkit-0.49-2.fc14 has been submitted as an update for Fedora 14. https://admin.fedoraproject.org/updates/chkrootkit-0.49-2.fc14
chkrootkit-0.49-2.fc14 has been pushed to the Fedora 14 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update chkrootkit'. You can provide feedback for this update here: https://admin.fedoraproject.org/updates/chkrootkit-0.49-2.fc14
chkrootkit-0.49-2.fc14 has been pushed to the Fedora 14 stable repository. If problems still persist, please make note of it in this bug report.
chkrootkit-0.49-2.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.
chkrootkit-0.49-2.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.
RHEL5 chkrootkit from EPEL is still version 0.49-1 and appears to suffer from this problem, at least cosmeticaly. Can this patch please be applied there too?
chkrootkit-0.49-3.el5 has been submitted as an update for Fedora EPEL 5. https://admin.fedoraproject.org/updates/chkrootkit-0.49-3.el5
chkrootkit-0.49-3.el6 has been submitted as an update for Fedora EPEL 6. https://admin.fedoraproject.org/updates/chkrootkit-0.49-3.el6
chkrootkit-0.49-3.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.
chkrootkit-0.49-3.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report.