On Tuesday 09 February 2010 21:42:04 Carlos E. R. wrote:
On Friday, 2010-01-15 at 19:51 +0100, Togan Muftuoglu wrote:
Josh More wrote:
Have you run chkrootkit and rkhunter? Have you verified the rpm that uname is in with rpm -qV?
Bingo
toganm@mobile:~/Pictures/2008-08-26> rpm -qV coreutils
....L... /bin/uname
toganm@mobile:~/Pictures/2008-08-26> l /bin/uname
lrwxrwxrwx 1 root root 30 Dec 17 20:41 /bin/uname -> /usr/lib/build/helper/uname.sh*
toganm@mobile:~/Pictures/2008-08-26> rpm -qf /usr/lib/build/helper/uname.sh
post-build-checks-1.0-53.12.1
Removing uname link and reinstalling coreutils solved the problem
Wow! What's that script? Why does it change the system uname?
well, the package it belongs to clearly says not to install it to a running system, it's meant for the build-environment only (and it even removes the uname hack on uninstall).

--
with kind regards (mit freundlichem Grinsen), Ruediger Oertel (ro@novell.com,ro@suse.de,bugfinder@t-online.de)
----------------------------------------------------------------------
Linux MacBookRudi 2.6.33-rc6-2-desktop #1 SMP PREEMPT 2010-02-04 13:24:08 +0100 x86_64
Key fingerprint = 17DC 6553 86A7 384B 53C5 CA5C 3CE4 F2E7 23F2 B417
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg)
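
Added example, not part of the thread or of any poster's code: a small decoder for `rpm -V` lines such as the `....L... /bin/uname` result quoted above, which also picks out the entries worth checking by hand. The function names, the triage rule and all sample lines except the first are assumptions made for illustration.

```python
import re

# rpm -V attribute columns, in printed order. Older rpm prints eight columns
# (as in the thread above); newer releases append a ninth, P.
FLAGS = [("S", "size"), ("M", "mode"), ("5", "digest"), ("D", "device"),
         ("L", "symlink target"), ("U", "owner"), ("G", "group"),
         ("T", "mtime"), ("P", "capabilities")]
# Optional marker between the flags and the path: c=config, d=doc, g=ghost,
# l=license, r=readme.
LINE = re.compile(r"^(?:(?P<flags>[SM5DLUGTP.?]{8,9})|(?P<missing>missing))"
                  r"\s+(?:(?P<kind>[cdglr])\s+)?(?P<path>/.*)$")
# Triage assumption (not from the thread): these changes on a non-config file
# deserve a look; mtime-only differences do not.
SUSPICIOUS = {"missing", "size", "mode", "digest", "symlink target"}

# First line is the output quoted in the thread; the rest are constructed.
SAMPLE = """\
....L...    /bin/uname
S.5....T  c /etc/ssh/sshd_config
.......T    /usr/share/doc/packages/example/README
missing     /usr/bin/example
"""

def parse_verify_line(line):
    """Decode one line of `rpm -V` output; return None if it is not one."""
    m = LINE.match(line.strip())
    if not m:
        return None
    if m["missing"]:
        changed, untested = ["missing"], []
    else:
        pairs = list(zip(FLAGS, m["flags"]))
        changed = [name for (letter, name), ch in pairs if ch == letter]
        # '?' means rpm could not perform that test (e.g. unreadable file).
        untested = [name for (_, name), ch in pairs if ch == "?"]
    return {"path": m["path"], "kind": m["kind"],
            "changed": changed, "untested": untested}

def triage(output):
    """Return (path, changes) for entries worth reviewing by hand."""
    hits = []
    for line in output.splitlines():
        entry = parse_verify_line(line)
        if entry and entry["kind"] != "c" and SUSPICIOUS & set(entry["changed"]):
            hits.append((entry["path"], entry["changed"]))
    return hits

if __name__ == "__main__":
    for path, changed in triage(SAMPLE):
        print(f"{path}: {', '.join(changed)}")
```

On a live system the input would be the output of `rpm -Va` or `rpm -V <package>`; each path it reports can then be followed up with `rpm -qf` on the link target, as done in the thread.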