From owner-freebsd-security@FreeBSD.ORG Sat May 1 05:54:09 2004 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id EC10216A4CE for ; Sat, 1 May 2004 05:54:09 -0700 (PDT) Received: from phobos.osem.com (phobos.osem.com [66.92.67.14]) by mx1.FreeBSD.org (Postfix) with ESMTP id A757143D3F for ; Sat, 1 May 2004 05:54:09 -0700 (PDT) (envelope-from andy@lewman.com) Received: by phobos.osem.com (Postfix, from userid 1001) id 31B7E294; Sat, 1 May 2004 08:54:09 -0400 (EDT) Date: Sat, 1 May 2004 08:54:09 -0400 From: andy@lewman.com To: freebsd-security@freebsd.org Message-ID: <20040501125409.GA65876@phobos.osem.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.4.2.1i X-phase_of_moon: The Moon is Waxing Gibbous (86% of Full) Subject: chkrootkit and 4.10-prerelease issues? X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 01 May 2004 12:54:10 -0000 Has anyone else seen chkrootkit (version 0.43) on 4.10-prerelease or later report chfn, chsh, and date as infected? I built world yesterday, and my nightly chkrootkit reports this on run. I've replaced the binaries with their 4.9 equivalents, and things don't report as infected. I upgrade the 4.9 machine to 4.10, and chkrootkit reports them as infected again. Is this similar to the 5.x issues with chkrootkit? -- Andrew