On Sun, May 31, 2009 at 03:57:41PM +0200, Christoph Anton Mitterer 
<christoph.anton.mitte...@physik.uni-muenchen.de> was heard to say:
> I'm running several intrusion detection systems, e.g. rkhunter
> (which in turn uses unhide). For quite some time now, unhide gave me
> false positives (I'm quite sure that my system is not compromised),
> saying that hidden processes were found.

  Hi, Christoph.  Sorry about taking so long to get back to you.

  I don't know what a "hidden process" would be, and aptitude certainly
doesn't hide any processes that it runs.  I do know that rootkit
detectors are notorious for warning about all sorts of harmless stuff,
to the point that they're largely useless.  My best guess would be that
it's noticing some short-lived process that it thinks must be hidden
because it can detect it with a probe but it's not in the process
list (i.e., there's an inherent race condition).  However, I don't
think aptitude runs any processes on start-up; the only place I can
think of where it spawns subprocesses is when you're viewing a
changelog.  It's possible the apt backend library is spawning some
stuff off, though; does apt-get do the same thing for you?

  I also don't think this is a grave bug, so I'm going to downgrade it.

  Daniel
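
Added example, not part of the original message and not code from unhide, rkhunter or aptitude: a sketch of the race described above, where a process that starts between the process-list snapshot and the probe is reported as hidden, next to a variant that reports a PID only if the mismatch survives a second look. The function names and the `FakeHost` sample data are constructed for illustration; using `/proc` and `kill(pid, 0)` as the two views is an assumption about how such a check could be made.

```python
import os

def proc_pids():
    """PIDs visible in the process list (/proc), the view ps reads."""
    return {int(d) for d in os.listdir("/proc") if d.isdigit()}

def probe(pid):
    """Ask the kernel whether pid exists without reading /proc."""
    try:
        os.kill(pid, 0)          # signal 0: existence check only, nothing is sent
    except ProcessLookupError:
        return False
    except PermissionError:
        return True              # exists, but belongs to another user
    return True

def naive_scan(pids, list_pids=proc_pids, is_alive=probe):
    """One snapshot, then probes: anything that starts in between looks hidden."""
    listed = list_pids()
    return [p for p in pids if is_alive(p) and p not in listed]

def rechecked_scan(pids, list_pids=proc_pids, is_alive=probe):
    """Report a PID only if the mismatch survives a fresh snapshot and probe."""
    suspects = naive_scan(pids, list_pids, is_alive)
    listed = list_pids()         # taken after the probes
    return [p for p in suspects if p not in listed and is_alive(p)]

class FakeHost:
    """Constructed sample host: PID 4242 starts after the first snapshot,
    PID 666 answers probes but never appears in the list."""
    def __init__(self):
        self.snapshots = 0
    def list_pids(self):
        self.snapshots += 1
        return {1, 100} if self.snapshots == 1 else {1, 100, 4242}
    def is_alive(self, pid):
        return pid in {1, 100, 4242, 666}

if __name__ == "__main__":
    pids = [1, 100, 4242, 666]
    a, b = FakeHost(), FakeHost()
    print("naive:    ", naive_scan(pids, a.list_pids, a.is_alive))
    print("rechecked:", rechecked_scan(pids, b.list_pids, b.is_alive))
```

On the constructed host the single-pass scan flags the short-lived PID 4242 as well as 666, while the rechecked scan keeps only 666.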


