Date:      Thu, 8 Jul 2021 11:17:07 +0200
From:      Stefan Esser <se@freebsd.org>
To:        Michael Grimm <trashcan@ellael.org>, Warner Losh <imp@bsdimp.com>
Cc:        FreeBSD-STABLE Mailing List <freebsd-stable@freebsd.org>, FreeBSD ports <freebsd-ports@freebsd.org>, lukasz@wasikowski.net
Subject:   security/rkhunter without hashes after recent STABLE-13 update
Message-ID:  <4355013a-0be1-829f-2fe5-86eeb4ba80f7@freebsd.org>
In-Reply-To: <0B2C7AEA-27C6-4259-9DCF-D20C19737A50@ellael.org>
References:  <416D3033-138D-4BBB-84FA-FAEA2944C837@ellael.org> <CANCZdfr3Ye2hbZJtvBmYqKMF9S_KbGHCzsoRWbMjCxwPEOJSkQ@mail.gmail.com> <B829235A-3C8F-46F4-8D25-00A6125CE264@ellael.org> <CANCZdfojJ%2BiG9dcZ=nPZ65qsON6v2rnG6PLQwQFMJ0N-U8bohQ@mail.gmail.com> <08637D0D-9D65-4F53-9A64-F4742BA8E415@ellael.org> <CANCZdfpQCVm%2BaEbimzrkX%2BXkfXcbx2tJPgPXriqzMCYjZJ8kKg@mail.gmail.com> <0B2C7AEA-27C6-4259-9DCF-D20C19737A50@ellael.org>

On 07.07.21 at 22:24, Michael Grimm wrote:
> Warner Losh <imp@bsdimp.com> wrote:
>>
>> On Wed, Jul 7, 2021 at 12:47 PM Michael Grimm <trashcan@ellael.org> wrote:
>>> Warner Losh <imp@bsdimp.com> wrote:
>
>>>> Sorry for any hassle this work is causing.
>>>
>>> No big deal for rkhunter, a workaround exists ;-)
>>
>> I think the reason is that it automatically switched to using sha256sum
>> because it was present, but it didn't automatically change #HASH_FLD_IDX=4
>> to be 1. The shell script is tricky enough that I've not looked through it
>> all. I'd argue this is a bug in the get_sha_hash_function which doesn't
>> adjust the HASH_FLD_IDX based on which version it finds. Instead, it sets
>> it unconditionally to 4 on *BSD or DragonFly.
[...]
>
> But anyway, you nailed it! That fixes rkhunter. It will now produce hashes for both /sbin/sha256 and /sbin/sha256sum.
>
> The attached patch (diff to new rkhunter script with both succeeding hunks) will work for the rkhunter-1.4.6 script.
>
> Thanks and with kind regards,
> Michael

Hi Warner and Michael,

the reason I added full support for the -c option was that a port build failed
since it assumed that if the name of the hash program ended in "sum" it was
fully compatible with the Coreutils program of that name and that it supported
the "-c digestfile" option.

This is a general problem when we gain compatibility with some other OS (TM):
Ports often assume that availability of a program (MACRO, include file, ...)
means it is the real thing, and not only an attempt at an emulation of the most
important feature (i.e. only considering a very specific use case).

An alternative (and my preferred fix) would be to not search for the *sum
functions on FreeBSD, and thus not have to adjust the HASH_FLD_IDX variable:

-- files/rkhunter.orig 2018-02-24 23:08:27 UTC
+++ files/rkhunter
@@ -4750,7 +4750,12 @@ get_sha_hash_function() {
                return
        fi

-       HFUNC=3D`find_cmd sha${SHA_SIZE}sum`
+       case ${OPERATING_SYSTEM} in
+       FreeBSD)
+               HFUNC=3D`find_cmd sha${SHA_SIZE}` ;;
+       *)
+               HFUNC=3D`find_cmd sha${SHA_SIZE}sum` ;;
+       esac

        if [ -z "${HFUNC}" ]; then
                HFUNC=3D`find_cmd sha${SHA_SIZE}`
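
Review bot: the new case in get_sha_hash_function matches only FreeBSD, while the discussion quoted above says the field index is set to 4 unconditionally on *BSD or DragonFly, so any of those systems that also ships a sha${SHA_SIZE}sum would still pair the *sum tool with the wrong index. Consider listing here the same set of systems that the index code treats as BSD, or at least add a comment above the case saying why the *sum lookup is skipped. In the FreeBSD arm the existing fallback under `if [ -z "${HFUNC}" ]` then repeats the identical `find_cmd sha${SHA_SIZE}` lookup, which is harmless but worth mentioning in that comment.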

The suggested patch is attached. I did not want to change more lines than
required, and other BSDs could easily be added to the special case, should
they be affected, too.

And I'd assume that this patch could be accepted by the upstream ...

Michael, could you please test this patch?

(I do not have rkhunter installed on my system ...)

Regards, STefan
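
Added example (not part of the original message and not rkhunter code): the field-index mismatch described in the quoted discussion, shown on constructed output lines, next to an extraction that keys on the shape of the line instead of a fixed index. The names `field_at`, `is_digest` and `extract_hash` are hypothetical; the assumed output formats are `SHA256 (name) = digest` for sha256 and `digest  name` for sha256sum.

```sh
#!/bin/sh
# Added example. Sample lines are constructed; the digest is the SHA-256
# of empty input.
EMPTY=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
BSD_LINE="SHA256 (/sbin/init) = $EMPTY"
BSD_SPACE_LINE="SHA256 (/tmp/my file) = $EMPTY"
SUM_LINE="$EMPTY  /sbin/init"

# field_at IDX LINE: whitespace-split field IDX, i.e. what a fixed
# HASH_FLD_IDX-style index selects from one line of tool output.
field_at() {
    printf '%s\n' "$2" | awk -v n="$1" '{ print $n }'
}

# is_digest STRING: succeeds for a hex string of at least 32 characters.
is_digest() {
    case $1 in
        ''|*[!0-9a-fA-F]*) return 1 ;;
    esac
    [ "${#1}" -ge 32 ]
}

# extract_hash LINE: print the digest, or return 1 if the line has none.
extract_hash() {
    first=${1%% *}
    if is_digest "$first"; then
        # "digest  name": the digest is the first word.
        printf '%s\n' "$first"
        return 0
    fi
    case $1 in
        # "ALGO (name) = digest": take what follows the last " = ",
        # so a name containing spaces does not shift the digest.
        *' = '*) last=${1##* = } ;;
        *) return 1 ;;
    esac
    is_digest "$last" || return 1
    printf '%s\n' "$last"
}

# Show what index 4, index 1 and the shape-based function return per line.
for l in "$BSD_LINE" "$BSD_SPACE_LINE" "$SUM_LINE"; do
    printf 'idx4=[%s] idx1=[%s] shape=[%s]\n' \
        "$(field_at 4 "$l")" "$(field_at 1 "$l")" "$(extract_hash "$l")"
done
```

An empty or non-hex value in the idx4 column is what a stored-hash database ends up with when the tool changes but the index does not.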
