Date: Thu, 8 Jul 2021 11:17:07 +0200 From: Stefan Esser <se@freebsd.org> To: Michael Grimm <trashcan@ellael.org>, Warner Losh <imp@bsdimp.com> Cc: FreeBSD-STABLE Mailing List <freebsd-stable@freebsd.org>, FreeBSD ports <freebsd-ports@freebsd.org>, lukasz@wasikowski.net Subject: security/rkhunter without hashes after recent STABLE-13 update Message-ID: <4355013a-0be1-829f-2fe5-86eeb4ba80f7@freebsd.org> In-Reply-To: <0B2C7AEA-27C6-4259-9DCF-D20C19737A50@ellael.org> References: <416D3033-138D-4BBB-84FA-FAEA2944C837@ellael.org> <CANCZdfr3Ye2hbZJtvBmYqKMF9S_KbGHCzsoRWbMjCxwPEOJSkQ@mail.gmail.com> <B829235A-3C8F-46F4-8D25-00A6125CE264@ellael.org> <CANCZdfojJ%2BiG9dcZ=nPZ65qsON6v2rnG6PLQwQFMJ0N-U8bohQ@mail.gmail.com> <08637D0D-9D65-4F53-9A64-F4742BA8E415@ellael.org> <CANCZdfpQCVm%2BaEbimzrkX%2BXkfXcbx2tJPgPXriqzMCYjZJ8kKg@mail.gmail.com> <0B2C7AEA-27C6-4259-9DCF-D20C19737A50@ellael.org>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --GxeD6L2ZH33KPpGC8vsNLNvpZgPiZw8R2 Content-Type: multipart/mixed; boundary="PhEMBSXfMc8zoSFWPwaQWT8IQX0EdkuQ7"; protected-headers="v1" From: Stefan Esser <se@freebsd.org> To: Michael Grimm <trashcan@ellael.org>, Warner Losh <imp@bsdimp.com> Cc: FreeBSD-STABLE Mailing List <freebsd-stable@freebsd.org>, FreeBSD ports <freebsd-ports@freebsd.org>, lukasz@wasikowski.net Message-ID: <4355013a-0be1-829f-2fe5-86eeb4ba80f7@freebsd.org> Subject: security/rkhunter without hashes after recent STABLE-13 update References: <416D3033-138D-4BBB-84FA-FAEA2944C837@ellael.org> <CANCZdfr3Ye2hbZJtvBmYqKMF9S_KbGHCzsoRWbMjCxwPEOJSkQ@mail.gmail.com> <B829235A-3C8F-46F4-8D25-00A6125CE264@ellael.org> <CANCZdfojJ+iG9dcZ=nPZ65qsON6v2rnG6PLQwQFMJ0N-U8bohQ@mail.gmail.com> <08637D0D-9D65-4F53-9A64-F4742BA8E415@ellael.org> <CANCZdfpQCVm+aEbimzrkX+XkfXcbx2tJPgPXriqzMCYjZJ8kKg@mail.gmail.com> <0B2C7AEA-27C6-4259-9DCF-D20C19737A50@ellael.org> In-Reply-To: <0B2C7AEA-27C6-4259-9DCF-D20C19737A50@ellael.org> --PhEMBSXfMc8zoSFWPwaQWT8IQX0EdkuQ7 Content-Type: multipart/mixed; boundary="------------F0E6835EAC1DDC280EA83B43" Content-Language: en-US This is a multi-part message in MIME format. --------------F0E6835EAC1DDC280EA83B43 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Am 07.07.21 um 22:24 schrieb Michael Grimm: > Warner Losh <imp@bsdimp.com> wrote: >> >> On Wed, Jul 7, 2021 at 12:47 PM Michael Grimm <trashcan@ellael.org> wr= ote: >>> Warner Losh <imp@bsdimp.com> wrote: >=20 >>>> Sorry for any hassle this work is causing. >>> >>> No big deal for rkhunter, a workaround exists ;-) >> >> I think the reason is that it automatically switched to using sha256su= m >> because it was present, but it didn't automatically change #HASH_FLD_I= DX=3D4 >> to be 1. The shell script is tricky enough that I've not looked throug= h it >> all. I'd argue this is a bug in the get_sha_hash_function which doesn'= t >> adjust the HASH_FLD_IDX based on which version it finds. Instead, it s= ets >> it unconditionally to 4 on *BSD or DragonFly. [...] >=20 > But anyway, you nailed it! That fixes rkhunter. It will now produce has= hes for both /sbin/sha256 and /sbin/sha256sum. >=20 > The attached patch (diff to new rkhunter script with both succeeding hu= nks) will work for the rkhunter-1.4.6 script. >=20 > Thanks and with kind regards, > Michael Hi Warner and Michael, the reason I added full support for the -c option was that a port build f= ailed since it assumed that if the name of the hash program ended in "sum" it w= as fully compatible with the Coreutils program of that name and that is supp= orted the "-c digestfile" option. This is a general problem when we gain compatibility with some other OS (= TM): Ports often assume that availability of a program (MACRO, include file, .= =2E.) means it is the real thing, and not only attempt of an emulation of the m= ost important feature (i.e. only considering a very specific use case). An alternative (and my preferred fix) would be to not search for the *sum= functions on FreeBSD, and thus not having to adjust the HASH_FLD_IDX vari= able: -- files/rkhunter.orig 2018-02-24 23:08:27 UTC +++ files/rkhunter @@ -4750,7 +4750,12 @@ get_sha_hash_function() { return fi - HFUNC=3D`find_cmd sha${SHA_SIZE}sum` + case ${OPERATING_SYSTEM} in + FreeBSD) + HFUNC=3D`find_cmd sha${SHA_SIZE}` ;; + *) + HFUNC=3D`find_cmd sha${SHA_SIZE}sum` ;; + esac if [ -z "${HFUNC}" ]; then HFUNC=3D`find_cmd sha${SHA_SIZE}` The suggested patch is attached. I did not want to change more lines than= required, and other BSDs could easily added to the special case, should they be affected, too. And I'd assume that this patch could be accepted by the upstream ... Michael, could you please test this patch? (I do not have rkhunter installed on my system ...) Regards, STefan --------------F0E6835EAC1DDC280EA83B43 Content-Type: text/plain; charset=UTF-8; x-mac-type="0"; x-mac-creator="0"; name="rkhunter-port.diff" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="rkhunter-port.diff" ZGlmZiAtLWdpdCBhL3NlY3VyaXR5L3JraHVudGVyL2ZpbGVzL3BhdGNoLWZpbGVzX3JraHVu dGVyIGIvc2VjdXJpdHkvcmtodW50ZXIvZmlsZXMvcGF0Y2gtZmlsZXNfcmtodW50ZXIKaW5k ZXggYmQ3MGMzYTI3NmY0Li42MTZjNTg5YWUxMTIgMTAwNjQ0Ci0tLSBhL3NlY3VyaXR5L3Jr aHVudGVyL2ZpbGVzL3BhdGNoLWZpbGVzX3JraHVudGVyCisrKyBiL3NlY3VyaXR5L3JraHVu dGVyL2ZpbGVzL3BhdGNoLWZpbGVzX3JraHVudGVyCkBAIC0xLDYgKzEsMjAgQEAKLS0tLSBm aWxlcy9ya2h1bnRlci5vcmlnCTIwMTQtMDMtMTIgMjA6NTQ6NTUgVVRDCistLS0gZmlsZXMv cmtodW50ZXIub3JpZwkyMDE4LTAyLTI0IDIzOjA4OjI3IFVUQwogKysrIGZpbGVzL3JraHVu dGVyCi1AQCAtNzI3NSw2ICs3Mjc1LDkgQEAgZG93bmxvYWRfZmlsZSgpIHsKK0BAIC00NzUw LDcgKzQ3NTAsMTIgQEAgZ2V0X3NoYV9oYXNoX2Z1bmN0aW9uKCkgeworIAkJcmV0dXJuCisg CWZpCisgCistCUhGVU5DPWBmaW5kX2NtZCBzaGEke1NIQV9TSVpFfXN1bWAKKysJY2FzZSAk e09QRVJBVElOR19TWVNURU19IGluCisrCUZyZWVCU0QpCisrCQlIRlVOQz1gZmluZF9jbWQg c2hhJHtTSEFfU0laRX1gIDs7CisrCSopCisrCQlIRlVOQz1gZmluZF9jbWQgc2hhJHtTSEFf U0laRX1zdW1gIDs7CisrCWVzYWMKKyAKKyAJaWYgWyAteiAiJHtIRlVOQ30iIF07IHRoZW4K KyAJCUhGVU5DPWBmaW5kX2NtZCBzaGEke1NIQV9TSVpFfWAKK0BAIC03NTIyLDYgKzc1Mjcs OSBAQCBkb3dubG9hZF9maWxlKCkgewogIAkJcm0gLWYgIiR7T1VUUFVUX0ZJTEV9IiA+L2Rl di9udWxsIDI+JjEKICAKICAJCWNhc2UgIiR7UktIV0VCQ01EX0JBU0V9IiBpbgo= --------------F0E6835EAC1DDC280EA83B43-- --PhEMBSXfMc8zoSFWPwaQWT8IQX0EdkuQ7-- --GxeD6L2ZH33KPpGC8vsNLNvpZgPiZw8R2 Content-Type: application/pgp-signature; name="OpenPGP_signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="OpenPGP_signature" -----BEGIN PGP SIGNATURE----- wsB5BAABCAAjFiEEo3HqZZwL7MgrcVMTR+u171r99UQFAmDmwpMFAwAAAAAACgkQR+u171r99URI HAgAlv+3InNypIQjAxvqXgljkWRUZRx/lA5NH+cxeV9pSpY1vUNzrw7HoTUo63MJAZnscYVBgnCR U8ErDCbS27iyQAakgdNMOpFSu7GcMJfxWg9ykfpKtt9toPJksx0wrUTjV8rBZwl7fNBGfnzmNa41 EcsHQWS/uTw7BFBcEX73YH3cT8gr+KOeXYeS2RWNoQ6vXt/UOAlt50sBLgAjnxkFJWqrRK+nStfh 46KnNZ9/NCfy7SivXnd0mE5ztl+IyOCm2Dj+BOgEmqvJCV7+v2FnXlHFlWPQV3Civ65yEEkohEWD g1JkfU3CHk3/jih/y6wDyu11Yk6MGyQaP0hV6U6ESQ== =Ol13 -----END PGP SIGNATURE----- --GxeD6L2ZH33KPpGC8vsNLNvpZgPiZw8R2--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4355013a-0be1-829f-2fe5-86eeb4ba80f7>