On Wednesday 10 February 2010 03:28:07 Ruediger Oertel wrote:
On Tuesday 09 February 2010 21:42:04 Carlos E. R. wrote:
On Friday, 2010-01-15 at 19:51 +0100, Togan Muftuoglu wrote:
Josh More wrote:
Have you run chkrootkit and rkhunter? Have you verified the rpm that uname is in with rpm -qV?
Bingo
toganm@mobile:~/Pictures/2008-08-26> rpm -qV coreutils ....L... /bin/uname
toganm@mobile:~/Pictures/2008-08-26> l /bin/uname lrwxrwxrwx 1 root root 30 Dec 17 20:41 /bin/uname -> /usr/lib/build/helper/uname.sh* toganm@mobile:~/Pictures/2008-08-26> rpm -qf /usr/lib/build/helper/uname.sh post-build-checks-1.0-53.12.1
Removing uname link and reinstalling coreutils solved the problem
Wow! What's that script? WHy does it change the system uname?
well, the package it belongs to clearly says not to install it to a running system, it's meant for the build-environment only (and it even removes the uname hack on uninstall).
Wow! What's that script? WHy does it change the system uname? ah, forgot to mention: the purpose of that script:
Being able to build somewhat broken sources for kernel modules that use uname(1) to get the version of the kernel to compile for (mainly think of some popular graphics drivers, but not limited to these ...) -- with kind regards (mit freundlichem Grinsen), Ruediger Oertel (ro@novell.com,ro@suse.de,bugfinder@t-online.de) ---------------------------------------------------------------------- Linux Fatou 2.6.32-3-desktop #1 SMP PREEMPT 2009-12-04 00:41:46 +0100 x86_64 Key fingerprint = 17DC 6553 86A7 384B 53C5 CA5C 3CE4 F2E7 23F2 B417 SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg) -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org