1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
|
Author: Andreas Stempfhuber <andi@afulinux.de>
Description: The check for suspect PHP files is broken by design.
1. Any non-text file contents confuse the results of the grep if they match.
2. Not file names are printed, but file contents. That can't be what the check
is supposed to achieve.
This patch fixes '/usr/bin/find: head terminated by signal 13' errors and
prints affected file names instead of their content.
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
--- a/chkrootkit
+++ b/chkrootkit
@@ -1260,9 +1260,9 @@
printn "Searching for suspect PHP files... "; fi
files="`${find} ${ROOTDIR}tmp ${ROOTDIR}var/tmp ${findargs} -name '*.php' 2> /dev/null`"
if [ `echo abc | head -n 1` = "abc" ]; then
- fileshead="`${find} ${ROOTDIR}tmp ${ROOTDIR}var/tmp ${findargs} -type f -exec head -n 1 {} \; | $egrep '#!.*php' 2> /dev/null`"
+ fileshead="`${find} ${ROOTDIR}tmp ${ROOTDIR}var/tmp ${findargs} -type f -exec sh -c 'head -n 1 "$1" 2> /dev/null | grep -q "^#!.*php" && echo "$1"' {} {} \;`"
else
- fileshead="`${find} ${ROOTDIR}tmp ${ROOTDIR}var/tmp ${findargs} -type f -exec head -1 {} \; | grep '#!.*php' 2> /dev/null`"
+ fileshead="`${find} ${ROOTDIR}tmp ${ROOTDIR}var/tmp ${findargs} -type f -exec sh -c 'head -1 "$1" 2> /dev/null | grep -q "^#!.*php" && echo "$1"' {} {} \;`"
fi
if [ "${files}" = "" -a "${fileshead}" = "" ]; then
if [ "${QUIET}" != "t" ]; then echo "nothing found"; fi
|
