From: Sascha Luck
To: freebsd-security@freebsd.org
Subject: chkrootkit & FBSD-5
Date: Tue, 28 Jan 2003 15:16:07 +0000
Message-Id: <200301281516.16413.bofh@online.ie>
References: <20030128085617.L167@woody.ops.uunet.co.za>
In-Reply-To: <20030128085617.L167@woody.ops.uunet.co.za>

Hello all,

on my CURRENT boxes, chkrootkit (v0.38) reports the following binaries as INFECTED:

    chfn chsh date ls ps

as well as 7 hidden PIDs. Recompiling/reinstalling the binaries seems to have no effect. I'm tempted to regard these as false positives - anyone else notice this behaviour?

Cheers,
s.