Bug#589682:

2021-12-23 Thread Richard Lewis 
> (However, it seems to me that not every cmd in cmdlist is always
> invoked as ${cmd} - something to investigate)

I started a patch to replace all uses of cmd with $cmd, however, i
found that it actually broke the test of .php files (!). Probably i
messed up, but it seems it needs more thought than a simple
search+replace (probably a single quote/expansion issue). So i didnt
push that anywhere yet. will revisit at some point.

What i didn't do is check that all the debian patches were not
introducing plan "cmd" instead of "$cmd", i suspect some of them are.

More generally, the concept of '-p' is a bit inconsistent.
- echo is included in cmdlist but the code is strewn with plan "echo"
rather than "$echo".
- the code that sets the $cmd variables relies on several utilities
that you wouldnt trust if you were using "-p", i wonder if it really
works to replace all the commands in cmdlist

More more generally, shellcheck spots over 100 issues in chkrootkit,
some of which look like potential issues if malware used unusual file
names

Bug#589682:

2021-11-25 Thread Richard Lewis 
The issue described in this report isnt a bug: $egrep and ${egrep} are
the same. The variable is set indirectly by the code that supports the
'-p' option (which sets a variable for everything in cmdlist)

(However, it seems to me that not every cmd in cmdlist is always
invoked as ${cmd} - something to investigate)

Bug#589682: chkrootkit: $egrep used unset

2010-07-19 Thread Bruce Sass 
Package: chkrootkit
Version: 0.49-4
Severity: normal


There are 4 instances of $egrep in 3 lines of code (line numbers: 106, Slapper
check; 1135, PHP files check; and 1638, chk_crontab function) but it doesn't
appear that egrep is ever set to a value.

${egrep} is what is being used in lots of other lines...


-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash

Versions of packages chkrootkit depends on:
ii  binutils  2.20.1-11  The GNU assembler, linker and bina
ii  debconf [debconf-2.0] 1.5.32 Debian configuration management sy
ii  libc6 2.11.2-2   Embedded GNU C Library: Shared lib
ii  net-tools 1.60-23The NET-3 networking toolkit
ii  procps1:3.2.8-9  /proc file system utilities

chkrootkit recommends no packages.

chkrootkit suggests no packages.

-- debconf information:
* chkrootkit/run_daily: true
* chkrootkit/run_daily_opts: -q -n
* chkrootkit/diff_mode: false



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org