chkrootkit (part #3)

In chkrootkit

    if (!quiet)
      signal(SIGALRM, read_status);


void read_status() {
   double remaining_time;
   static long last_total_bytes_read=0;
   int diff;

   diff = total_wtmp_bytes_read-last_total_bytes_read;
   if (diff == 0) diff = 1;

   printf("Remaining time: %6.2f seconds\n", remaining_time);


I'll just quote the man page for signal()

       The behavior of signal() varies across UNIX versions, and has also var‐
       ied historically across different versions of Linux.   Avoid  its  use:
       use sigaction(2) instead.  See Portability below.

Is it a security bug? Unlikely. Is it a bug? Maybe. Should it be fixed? Yes, if you want to maintain it..


Popular posts from this blog

NetBSD kernel wscons IOCTL vulnerable bug class

InfoSect's Month of Pointless Bugs (#1, #2)

InfoSect's Month of Pointless Bugs (#3)