Package: chkrootkit
Version: 0.55-1+b1
Severity: important
Dear Maintainer,
Since upgrade to bullseye I'm seeing chkrootkit warnings of the
form:
OooPS, not expected 210672 value
I think the problem here is the new larger PIDs on newer kernels.
I think the problem here is something involving the MAX_PROCESSES calc in
chkproc.c
TO reproduce:
Let the host run for a while so you're getting larger PIDs, then
cd /usr/lib/chkrootkit
./chkproc
OooPS, not expected 210672 value
and that's the first PID in my system's ps output that's large.
I tried upgrading to testing's:
ii chkrootkit 0.55-1+b1 amd64
rootkit detector
and it still happens for me.
I checked it really is the 64bit build:
dg@mx:/usr/lib/chkrootkit$ file /usr/lib/chkrootkit/chkproc
/usr/lib/chkrootkit/chkproc: ELF 64-bit LSB pie executable, x86-64, version 1
(SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2,
BuildID[sha1]=66d59d153338e672554b5b6fee85d5696d2cb968, for GNU/Linux 3.2.0,
stripped
Dave
-- System Information:
Debian Release: 11.1
APT prefers stable-security
APT policy: (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 5.10.0-9-amd64 (SMP w/1 CPU thread)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages chkrootkit depends on:
ii binutils 2.35.2-2
ii debconf [debconf-2.0] 1.5.77
ii libc6 2.31-13+deb11u2
ii net-tools 1.60+git20181103.0eebece-1
ii openssh-client 1:8.4p1-5
ii procps 2:3.3.17-5
chkrootkit recommends no packages.
chkrootkit suggests no packages.
-- debconf information:
* chkrootkit/run_daily_opts: -q -n
* chkrootkit/run_daily: true
* chkrootkit/diff_mode: false