List:       chkrootkit-users
Subject:    Re: [crt-users] crontab and chkrootkit
From:       Gavan Fantom <gavan () coolfactor ! org>
Date:       2003-08-11 14:11:17

On Sat, 9 Aug 2003, Mike Burger wrote:

> > So why not check also that the .packlist files contain the right sort of
> > data? That's harder to abuse.
>
> That would require that chkrootkit be kept up to date with the contents of
> every perl module's packlist.  Not really feasible.

No, just in the same way that chkrootkit doesn't keep up to date with the
exact contents of every executable on the system.

But you can verify that .packlist is a regular file where every line
matches a pattern such as /^\/[^ ]* type=[^ ]*$/, or an equivalent
non-perl pattern.

-- 
Gillette - the best a man can forget
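
The check proposed in the message above, as an added shell example (not part of the original post and not chkrootkit code): it rejects any .packlist that is not a regular file and flags any line that fails the message's pattern, rewritten here as a POSIX basic regular expression. The function names, return codes and sample entries are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not chkrootkit code.
# The message's Perl pattern /^\/[^ ]* type=[^ ]*$/ written as a POSIX BRE.
PACKLIST_RE='^/[^ ]* type=[^ ]*$'

# check_packlist FILE (hypothetical helper)
#   0 = regular file and every line matches PACKLIST_RE
#   1 = not a regular file (symlink, directory, device, missing)
#   2 = regular file containing at least one non-matching line
check_packlist() {
    # [ -f ] follows symlinks, so reject symlinks explicitly first.
    if [ -L "$1" ] || [ ! -f "$1" ]; then
        return 1
    fi
    # grep -v selects lines that do NOT match; -q exits 0 if any exist.
    if LC_ALL=C grep -qv -- "$PACKLIST_RE" "$1"; then
        return 2
    fi
    return 0
}

# scan_packlists DIR: print one line per .packlist that fails the check.
# No -type filter: a .packlist that is a directory or symlink must be reported.
# Paths containing newlines are not handled by this read loop.
scan_packlists() {
    find "$1" -name .packlist -print | while IFS= read -r p; do
        rc=0
        check_packlist "$p" || rc=$?
        [ "$rc" -eq 0 ] || printf 'suspicious (code %s): %s\n' "$rc" "$p"
    done
}

# Demo on constructed sample data (these are not real packlists).
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/ok" "$d/odd" "$d/dir/.packlist"
    printf '/usr/lib/perl5/Foo.pm type=file\n' > "$d/ok/.packlist"
    printf '/usr/lib/perl5/Bar.pm type=file\nnot a path entry\n' > "$d/odd/.packlist"
    scan_packlists "$d"
    rm -rf "$d"
}
demo
```

An empty .packlist passes this check, since it contains no non-matching line.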