Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.

Bug 1904328

Summary: chkrootkit thinks /usr/bin/chsh is infected on Fedora 33
Product: [Fedora] Fedora Reporter: P D <pizzadudedotca>
Component: chkrootkitAssignee: Gwyn Ciesla <gwync>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 33CC: gwync, wolfy
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: chkrootkit-0.54-1.fc33 chkrootkit-0.54-1.fc32 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-01-02 01:08:54 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description P D 2020-12-04 05:43:42 UTC 
Description of problem:

On Fedora 33 with latest updates installed via DNF, chkrootkit thinks /usr/bin/chsh is infected, and displays the INFECTED warning.

Version-Release number of selected component (if applicable):

chkrootkit-0.53-4.fc33.x86_64
util-linux-user-2.36-3.fc33.x86_64

How reproducible:

100%

Steps to Reproduce:
1. Run chkrootkit
2. Look at the logs
3. Notice the line "Checking `chsh'... INFECTED"

Actual results:

Chkrootkit claims chsh is infected.

Expected results:

Chkrootkit should not falsely claim this executable is infected. (I'm assuming this is a false positive, I have experienced the same issue on two machines)

Additional info:

Chkrootkit is old and probably unmaintained so issues like this will arise from time to time.
Comment 1 Gwyn Ciesla 2020-12-07 17:28:21 UTC 
Emailed upstream maintainers.
Comment 2 Gwyn Ciesla 2020-12-08 14:35:23 UTC 
Upstream says this will be fixed in the new release coming out in the next few days.
Comment 3 Fedora Update System 2020-12-24 18:56:27 UTC 
FEDORA-2020-d5928daf95 has been submitted as an update to Fedora 33. https://bodhi.fedoraproject.org/updates/FEDORA-2020-d5928daf95
Comment 4 Fedora Update System 2020-12-25 02:06:17 UTC 
FEDORA-2020-d5928daf95 has been pushed to the Fedora 33 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2020-d5928daf95`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-d5928daf95

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Comment 5 Fedora Update System 2020-12-25 02:12:29 UTC 
FEDORA-2020-e27eafb144 has been pushed to the Fedora 32 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2020-e27eafb144`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-e27eafb144

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Comment 6 P D 2020-12-25 19:34:42 UTC 
Confirmed fixed, thanks.
Comment 7 Fedora Update System 2021-01-02 01:08:54 UTC 
FEDORA-2020-d5928daf95 has been pushed to the Fedora 33 stable repository.
If problem still persists, please make note of it in this bug report.
Comment 8 Fedora Update System 2021-01-02 01:50:16 UTC 
FEDORA-2020-e27eafb144 has been pushed to the Fedora 32 stable repository.
If problem still persists, please make note of it in this bug report.