Bug#389519: flex: Flex reuses path known from Showtee Rootkit

Mon, 25 Sep 2006 23:40:11 -0700 

Package: flex
Version: 2.5.33-9
Severity: wishlist

Flex should avoid a path that can trigger a false positive from
chkrootkit. The relevant part from that:

   ### Showtee
   if [ "${QUIET}" != "t" ];then printn "Searching for Showtee... "; fi
   if [ -d ${ROOTDIR}usr/lib/.egcs ] || [ -f ${ROOTDIR}usr/lib/libfl.so ] || \  
           <<<<<<<<<<<<<<<<<<<<<
      [ -d ${ROOTDIR}usr/lib/.kinetic ] || [ -d ${ROOTDIR}usr/lib/.wormie ] || \
      [ -f ${ROOTDIR}usr/lib/liblog.o ] || [ -f ${ROOTDIR}usr/include/addr.h ] 
|| \
      [ -f ${ROOTDIR}usr/include/cron.h ] || [ -f ${ROOTDIR}usr/include/file.h 
] || \
      [ -f ${ROOTDIR}usr/include/proc.h ] || [ -f 
${ROOTDIR}usr/include/syslogs.h ] || \
      [ -f ${ROOTDIR}usr/include/chk.h ]; then
         echo "Warning: Possible Showtee Rootkit installed"
      else
      if  [ "${QUIET}" != "t" ]; then echo "nothing found"; fi

While I readily agree that flex should not be installed on a machine
directly connected to the Internet, I don't think it is unreasonably
paranoid (of course...) to run chkrootkit on a desktop machine that
interacts with the Internet as a client a lot.

-- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (990, 'testing'), (100, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.16-2-k7
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)

Versions of packages flex depends on:
ii  debconf [debconf-2.0]        1.5.4       Debian configuration management sy
ii  libc6                        2.3.6.ds1-4 GNU C Library: Shared libraries
ii  m4                           1.4.6-2     a macro processing language

Versions of packages flex recommends:
ii  gcc [c-compiler]             4:4.1.1-7   The GNU C compiler
ii  gcc-2.95 [c-compiler]        1:2.95.4-27 The GNU C compiler
ii  gcc-3.2 [c-compiler]         1:3.2.3-9   The GNU C compiler
ii  gcc-3.3 [c-compiler]         1:3.3.6-13  The GNU C compiler
ii  gcc-3.4 [c-compiler]         3.4.6-4     The GNU C compiler
ii  gcc-4.0 [c-compiler]         4.0.3-3     The GNU C compiler
ii  gcc-4.1 [c-compiler]         4.1.1-13    The GNU C compiler

-- debconf information:
  flex/upgrade/pre_2.5.5: false


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to