On Thu, 16 Aug 2012 19:38:31 CEST, NoOp wrote:
> On 08/16/2012 04:45 AM, Philippe Naudin wrote:
> > Hello,
> >
> > I am using LibreOffice x86_64 on Linux, installed from official rpms.
> > Since it got updated to Version 3.6.0.4 (Build ID: 932b512), rkhunter
> > whines:
> >   Checking for packet capturing applications
> >   Warning: Process '/opt/libreoffice3.6/program/soffice.bin' (PID 15079) is
> >   listening on the network.
> >
> > lsof -i doesn't show anything related to soffice, but lsof -U shows:
> > COMMAND     PID   USER   FD   TYPE             DEVICE SIZE/OFF   NODE NAME
> > soffice.b 15079 naudin   11u  unix 0xffff8100883b7c80      0t0 352208 socket
> > X          2924   root   44u  unix 0xffff8100883b7980      0t0 352209 /tmp/.X11-unix/X0
> > soffice.b 15079 naudin   12u  unix 0xffff8100883b7680      0t0 352210 /tmp/OSL_PIPE_1058_SingleOfficeIPC_474aee6e854ee537ef2ad5a42cd51fe9
> > soffice.b 15079 naudin   22u  unix 0xffff8100883b7080      0t0 352223 socket
> > X          2924   root   46u  unix 0xffff8100883b7380      0t0 352224 /tmp/.X11-unix/X0
> >
> > The same rkhunter has no problem with LibreOffice 3.5.4.2, Build ID:
> > 165a79a-7059095-e13bb37-fef39a4-9503d18, also an official rpm for Linux
> > x86_64.
> > But LibreOffice-3.5 only uses one socket, the /tmp/OSL_PIPE one.
> >
> > Is there a way to turn off these extra sockets in 3.6?
> >
> > Thanks,
> >
>
> I can't replicate on the deb version with:
> Rootkit Hunter version 1.3.8
>
> What version of rkhunter & have you:
> rkhunter --update
> to ensure that your rkhunter is up to date?
>
> Version 3.6.0.4 (Build ID: 932b512)
>
> I won't be able to check an rpm version until later - sorry.
Hi,

Thanks for your reply.

I'm using an rpm ;), it is rkhunter-1.4.0-1.el5.

Of course I can get rkhunter silent with something like
DISABLE_TESTS="hidden_ports" or ALLOWPROCLISTEN="soffice.bin".
In this case it will not complain about LibreOffice listening on the
network... even when I open a file with some malware inside.

Can you check the output of this command:
  lsof -U | grep soffice
With LibreOffice-3.5, I get only one line (/tmp/OSL_PIPE_...), but with
LibreOffice-3.6 I get two more lines, two unix sockets.

Regards,

-- 
Philippe Naudin
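The thread leaves open which kind of socket the warning refers to, since lsof -i shows nothing and lsof -U shows only Unix-domain sockets. As an added example (not from the thread and not rkhunter's own code), one way to triage this without whitelisting the process is to match the socket inodes a process holds against the kernel's per-family tables under /proc/net. The snapshots below are constructed: the inodes and the OSL_PIPE path are the ones in the lsof -U output above, while the packet-table row and the second process are hypothetical.

```python
import re

# 0-based column of the inode in each /proc/net table (whitespace-split rows).
INODE_COL = {"unix": 6, "packet": 8, "tcp": 9}

def table_inodes(text, col):
    """Inodes listed in one /proc/net/<family> table; the first line is a header."""
    rows = (line.split() for line in text.strip().splitlines()[1:])
    return {r[col] for r in rows if len(r) > col}

def classify(fd_links, tables):
    """Return {fd: family} for every socket fd of one process.

    fd_links: {fd: target of /proc/<pid>/fd/<fd>}, e.g. {11: "socket:[352208]"}
    tables:   {family: text of /proc/net/<family>}
    """
    owners = {fam: table_inodes(txt, INODE_COL[fam]) for fam, txt in tables.items()}
    result = {}
    for fd, target in fd_links.items():
        m = re.fullmatch(r"socket:\[(\d+)\]", target)
        if not m:
            continue  # regular file, pipe, device: not a socket
        fams = [f for f, inodes in owners.items() if m.group(1) in inodes]
        result[fd] = fams[0] if fams else "unknown"
    return result

def captures_packets(fd_links, tables):
    """True only if the process holds at least one AF_PACKET (capture) socket."""
    return "packet" in classify(fd_links, tables).values()

# Constructed /proc/net/unix snapshot (inodes taken from the lsof -U output above).
UNIX = """Num       RefCount Protocol Flags    Type St Inode Path
ffff8100883b7c80: 00000003 00000000 00000000 0001 03 352208
ffff8100883b7680: 00000002 00000000 00010000 0001 01 352210 /tmp/OSL_PIPE_1058_SingleOfficeIPC_474aee6e854ee537ef2ad5a42cd51fe9
ffff8100883b7080: 00000003 00000000 00000000 0001 03 352223
"""
# Constructed /proc/net/packet snapshot with one hypothetical capture socket.
PACKET = """sk       RefCnt Type Proto  Iface R Rmem   User   Inode
ffff810012345678 3      3    0003   2     1 0      0      400001
"""
TABLES = {"unix": UNIX, "packet": PACKET}
SOFFICE_FDS = {3: "/dev/null", 11: "socket:[352208]", 12: "socket:[352210]", 22: "socket:[352223]"}
SNIFFER_FDS = {4: "socket:[400001]"}  # hypothetical process, for the positive case

if __name__ == "__main__":
    print(classify(SOFFICE_FDS, TABLES), captures_packets(SOFFICE_FDS, TABLES))
    print(classify(SNIFFER_FDS, TABLES), captures_packets(SNIFFER_FDS, TABLES))
```

On a live system the same functions can be fed from os.readlink() over /proc/<pid>/fd and the contents of /proc/net/unix, /proc/net/packet and /proc/net/tcp.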