Re: how to run debsums for 'ps' and 'readline'

To: debian-user@lists.debian.org
Subject: Re: how to run debsums for 'ps' and 'readline'
From: Celejar <celejar@gmail.com>
Date: Sat, 20 Dec 2008 20:27:48 -0500
Message-id: <[🔎] 20081220202748.73931cc0.celejar@gmail.com>
In-reply-to: <[🔎] c5df85930812200143s772af08cieb76914c100e6fcd@mail.gmail.com>
References: <[🔎] 102E33C8-1B5C-4269-A376-B423821F0C8A@onemanifest.net> <[🔎] c5df85930812200143s772af08cieb76914c100e6fcd@mail.gmail.com>

On Sat, 20 Dec 2008 09:43:30 +0000
"James Youngman" <jay@gnu.org> wrote:

> On Fri, Dec 19, 2008 at 11:25 AM, oneman <lists@onemanifest.net> wrote:
> > Hi All,
> >
> >
> > chkrootkit is complaining about processes hidden from ps and readdir. So I'd
> > like to run debsums on them to test the integrity of ps and readdir.
> > However, 'debsums ps' doesn't work. Wich package name should I use to check
> > the integrity of these two?
> 
> readdir is a function in the C library.    If it is being fooled, the
> problem is either in the C library (which busybox will almost
> certainly also use) or in the kernel (which everything uses).

Regular busybox uses libc6, but busybox-static is a statically
linked version which doesn't.  Of course, your point about the kernel
is still valid.

> Probably the best option is to boot from a known-good CD or DVD and
> run your diagnostic tools from that.

Agreed.

Celejar
--
mailmin.sourceforge.net - remote access via secure (OpenPGP) email
ssuds.sourceforge.net - A Simple Sudoku Solver and Generator

Reply to:

References:
- how to run debsums for 'ps' and 'readline'
  - From: oneman <lists@onemanifest.net>
- Re: how to run debsums for 'ps' and 'readline'
  - From: "James Youngman" <jay@gnu.org>

Prev by Date: iPod
Next by Date: Re: iPod
Previous by thread: Re: how to run debsums for 'ps' and 'readline'
Next by thread: Problem after upgrade
Index(es):
- Date
- Thread