Re: Duplicate '..' in /lib

From: Michael H. Warfield (mhw@wittsend.com)
Date: Mon Jul 16 2001 - 21:22:15 EST


On Mon, Jul 16, 2001 at 07:30:01AM +0100, Alex Buell wrote:
> On Mon, 16 Jul 2001, Alexander Viro wrote:

> > Alex, could you do strace of that? It would clarify the situation.

> Unfortunately there's no working version of strace for the sparc32-linux
> platform. :o( If anyone knows better, I'd be infinitely grateful - mail me
> privately.

> As it turns out, the extraneous '..' is actually a file. I did a rm ..*,
> which left the original .. directory alone but removed the .. file. Did a
> e2fsck on reboot, no problems found.

        That's like the old game of adventure when you wave the wand and
it replies "Nothing obvious happens" just before you step into quicksand
(if you waved it an even number of times).

        You got problems. There should be a reason for that file and it
ain't good. It ain't good AT ALL. It's a stock "cracker" trick for
hiding something (lame, I know). You need to go over that system with
a fine-toothed comb. Boot from secure media, like the LinuxCare BBC
(Bootable Business Card), and sweep that sucker. You can use rpm to
verify the packages to begin with... Don't trust ANY executable on
the system itself.

        You HAVE to boot from other media. Some of these suckers have
Linux kernel modules (we'll keep it a little on topic here) like Adore
and KIS that hide processes, connections, services, and files. You can
not trust your kernel if you may have been compromised.

> --
> Hey, they *are* out to get you, but it's nothing personal.

        No joke... And I do believe they done got you.

> http://www.tahallah.demon.co.uk

        Mike

-- 
 Michael H. Warfield    |  (770) 985-6132   |  mhw@WittsEnd.com
  (The Mad Wizard)      |  (678) 463-0932   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
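The two checks Mike recommends above (look for bogus dot-named entries such as a file called '..', and verify installed packages with rpm from trusted media) can be scripted. The following is an added example written for this archive page; it is not code from the thread or from the rpm project. It assumes a Linux host with Python 3, treats any directory entry whose name consists only of dots and whitespace, or which starts with '..', as a lookalike worth reporting, and parses the standard `rpm -V` output format (an 8- or 9-character attribute string, an optional file-type letter, then the path). The sample `rpm -V` lines are constructed for the demo, not taken from the poster's system.

```python
import os
import re
import shutil
import tempfile

# Directory-entry names that mimic "." or ".." in an "ls -a" listing:
# runs of dots ("..."), dots padded with whitespace (".. "), or anything
# beginning with ".." (the pattern the poster removed with "rm ..*").
def is_lookalike(name):
    stripped = name.strip()
    if stripped == "":            # whitespace-only name
        return True
    if set(stripped) == {"."}:    # ".", "..", "...", ".. " ...
        return True
    return name.startswith("..")

def find_suspicious_entries(root):
    """Walk `root` and return (path, reason) for entries whose names mimic
    the dot directories.  os.walk() never yields the real "." and ".."
    links, so an entry literally named "." or ".." is itself an anomaly
    (a duplicate directory entry, as in the original report)."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if name in (".", ".."):
                findings.append((path, "duplicate dot entry"))
            elif is_lookalike(name):
                findings.append((path, "dot-lookalike name %r" % name))
    return sorted(findings)

# rpm -V prints one line per file that fails verification: attribute flags
# (S size, M mode, 5 digest, D device, L link, U user, G group, T mtime,
# P capabilities on newer rpm; "." = passed, "?" = not checked), an optional
# type letter (c config, d doc, g ghost, l license, r readme), then the path.
# Files that are gone are reported as "missing".
RPMV_LINE = re.compile(
    r"^(?P<attrs>[SM5DLUGTP.?]{8,9})\s+(?:(?P<type>[cdglr])\s+)?(?P<path>/.*)$"
)

def parse_rpm_verify(lines):
    """Return (path, reason) for non-config files whose size or digest
    changed, plus files reported missing.  Config files and mtime-only
    changes are expected noise and are skipped."""
    suspects = []
    for line in lines:
        line = line.rstrip("\n")
        if line.startswith("missing"):
            suspects.append((line.split(None, 2)[-1], "missing"))
            continue
        m = RPMV_LINE.match(line)
        if not m or m.group("type") == "c":
            continue
        attrs = m.group("attrs")
        if "5" in attrs or "S" in attrs:
            suspects.append((m.group("path"), "content changed (%s)" % attrs))
    return suspects

# Constructed sample output of "rpm -Va --root /mnt/target" (rpm's --root
# option lets you verify the suspect disk from a rescue boot, which is the
# "don't trust any executable on the system itself" advice in practice;
# remember the rpm database on that disk is itself untrusted input).
SAMPLE_RPM_VERIFY = """\
S.5....T.    /lib/libc-2.2.so
.......T.    /usr/bin/ls
S.5....T.  c /etc/ld.so.conf
missing      /sbin/ifconfig
"""

def demo_scan():
    """Build a throwaway tree with a few lookalike names and scan it.
    Returns root-relative (path, reason) pairs."""
    root = tempfile.mkdtemp()
    try:
        lib = os.path.join(root, "lib")
        os.mkdir(lib)
        for name in ("libc.so.6", "...", ".. ", "..x"):
            open(os.path.join(lib, name), "w").close()
        return [(os.path.relpath(p, root), why)
                for p, why in find_suspicious_entries(root)]
    finally:
        shutil.rmtree(root)

if __name__ == "__main__":
    for path, why in demo_scan():
        print("entry:", path, "-", why)
    for path, why in parse_rpm_verify(SAMPLE_RPM_VERIFY.splitlines()):
        print("rpm:  ", path, "-", why)
```

Run `find_suspicious_entries("/mnt/target")` against the suspect filesystem mounted read-only from the rescue media; on a live, possibly rootkitted kernel the directory listing itself may be filtered, which is why the scan is worth nothing unless you booted from something else.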



This archive was generated by hypermail 2b29 : Mon Jul 23 2001 - 21:00:08 EST