[libreoffice-users] Re: [3.6] "listening on the network"

Fri, 17 Aug 2012 16:45:27 -0700 

On 08/17/2012 01:27 PM, NoOp wrote:
> On 08/17/2012 12:04 AM, Philippe Naudin wrote:
...
>> Thanks for your reply. I'm using a rpm ;), it is rkhunter-1.4.0-1.el5.
> 
> I'm installing that now on Fedora 17 to test.
> 
>> 
>> Of course I can get rkhunter silent with something like
>> DISABLE_TESTS="hidden_ports" or ALLOWPROCLISTEN="soffice.bin".
>> In this case it will not complain about LibreOffice listening on
>> the network... even when I open a file with some malware inside.
>> 
>> Can you check the output of this command :
>> lsof -U | grep soffice
>> 
>> With LibreOffice-3.5, I get only one line (/tmp/OSL_PIPE_...), but
>> with LibreOffice-3.6 I get two more lines, two unix sockets.
>> 
>> Regards,
>> 
> 
> LO3.5:
> $ lsof -U | grep soffice
> soffice.b 10636   gg    3u  unix 0x00000000      0t0 3994910 socket
> soffice.b 10636   gg    7u  unix 0x00000000      0t0 3994914 socket
> soffice.b 10636   gg    9u  unix 0x00000000      0t0 3994918
> /tmp/OSL_PIPE_1000_SingleOfficeIPC_5fb899de7f8c215610dccf91954a6c
> soffice.b 10636   gg   12u  unix 0x00000000      0t0 3994992 socket
> soffice.b 10636   gg   26u  unix 0x00000000      0t0 4004457 socket
> soffice.b 10636   gg   28u  unix 0x00000000      0t0 4004462 socket
> soffice.b 10636   gg   29u  unix 0x00000000      0t0 4005488 socket
> soffice.b 10636   gg   33u  unix 0x00000000      0t0 4005654 socket
> 
> LO3.6:
> $ lsof -U | grep soffice
> soffice.b 10807   gg    6u  unix 0x00000000      0t0 4079489 socket
> soffice.b 10807   gg   10u  unix 0x00000000      0t0 4079493 socket
> soffice.b 10807   gg   13u  unix 0x00000000      0t0 4079497
> /tmp/OSL_PIPE_1000_SingleOfficeIPC_cc556045c3355e1abfd1d44ea4ee4532
> soffice.b 10807   gg   15u  unix 0x00000000      0t0 4079499 socket
> soffice.b 10807   gg   24u  unix 0x00000000      0t0 4079581 socket
> soffice.b 10807   gg   26u  unix 0x00000000      0t0 4079663 socket
> soffice.b 10807   gg   27u  unix 0x00000000      0t0 4079762 socket
> soffice.b 10807   gg   32u  unix 0x00000000      0t0 4079938 socket

And from Fedora 17 (rpm)
LO3.6:
$ lsof -U | grep soffice
soffice.b 30094   gg    6u  unix 0xf4440b40      0t0 116738 socket
soffice.b 30094   gg   10u  unix 0xf4441d40      0t0 116742
/tmp/OSL_PIPE_1000_SingleOfficeIPC_5d6a40e77981cf59bf3a90df38dfa5f7
soffice.b 30094   gg   27u  unix 0xf44406c0      0t0 116776 socket
soffice.b 30094   gg   28u  unix 0xf4441680      0t0 116778 socket
soffice.b 30094   gg   33u  unix 0xdb205680      0t0 116782 socket

$ rkhunter --version
Rootkit Hunter 1.4.0

No warnings regarding anything 'soffice' in the rkhunter logs.




-- 
For unsubscribe instructions e-mail to: users+h...@global.libreoffice.org
Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://listarchives.libreoffice.org/global/users/
All messages sent to this list will be publicly archived and cannot be deleted

Reply via email to