Have you run chkrootkit and rkhunter? Have you verified the rpm that uname is in with rpm -qV?
This is looking suspicious to me.
-Josh More
---- Original Message ----
From: "Togan Muftuoglu" toganm@dinamizm.com
Date: 10/1/15 12:08
To: "opensuse-security@opensuse.org" opensuse-security@opensuse.org
Subj: Re: [opensuse-security] Kernel Update for 11.1
Manfred Hollstein wrote:
On Fri, 15 Jan 2010, 18:50:45 +0100, Togan Muftuoglu wrote:
ariel sabiguero yawelak wrote:
Well, I know this is awful, bad, irresponsible, and so on, but, how
about:
strings /boot/vmlinuz | grep 2.6
toganm@mobile:~> strings /boot/vmlinuz | grep 2.6
2.6.27.42-0.1-default (geeko@buildhost) #1 SMP 2010-01-06 16:07:25 +0100
~2;6
X256
#2j6
I2n6
2_6H
Yet why does uname print something else?
What does
cat /proc/version
toganm@mobile:~> cat /proc/version
Linux version 2.6.27.42-0.1-default (geeko@buildhost) (gcc version 4.3.2 [gcc-4_3-branch revision 141291] (SUSE Linux) ) #1 SMP 2010-01-06 16:07:25 +0100
Josh More wrote:
Have you run chkrootkit and rkhunter? Have you verified the rpm that uname is in with rpm -qV?
Bingo
toganm@mobile:~/Pictures/2008-08-26> rpm -qV coreutils
....L... /bin/uname
toganm@mobile:~/Pictures/2008-08-26> l /bin/uname
lrwxrwxrwx 1 root root 30 Dec 17 20:41 /bin/uname -> /usr/lib/build/helper/uname.sh*
toganm@mobile:~/Pictures/2008-08-26> rpm -qf /usr/lib/build/helper/uname.sh
post-build-checks-1.0-53.12.1
Removing uname link and reinstalling coreutils solved the problem
Thanks
Togan
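The verification step that settled this thread, as an added example that is not part of the original messages: it decodes the `rpm -V` attribute string (`....L...` means only the symlink target differs from the RPM database), keeps the lines that indicate a replaced file, and resolves a flagged link to the package that owns its target. The function names and the second and third sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example. Decodes the attribute string `rpm -V` / `rpm -qV` prints before
# each path. A letter marks an attribute that differs from the RPM database,
# "." a test that passed. The 8-column form in the thread predates the P column.
decode_verify_flags() {
    flags=$1 out=""
    case $flags in missing) echo "file is missing"; return ;; esac
    for pair in "S:size" "M:mode" "5:digest" "D:device number" \
                "L:symlink target" "U:owner" "G:group" "T:mtime" "P:capabilities"; do
        letter=${pair%%:*}
        case $flags in *"$letter"*) out="${out:+$out, }${pair#*:}" ;; esac
    done
    echo "${out:-no differences}"
}

# Read verify output on stdin and report only paths whose content or link
# target changed (5, L) or that are gone: what a replaced binary looks like.
# Assumes paths without spaces.
triage_verify_output() {
    while read -r flags rest; do
        [ -n "$flags" ] || continue
        path=${rest##* }    # drops the optional file-type marker (c, d, ...)
        case $flags in
            missing|*5*|*L*)
                printf '%s: %s\n' "$path" "$(decode_verify_flags "$flags")" ;;
        esac
    done
}

# For a path flagged L: where the link resolves to and which package owns the
# target, i.e. the `l` and `rpm -qf` steps from the thread in one call.
explain_link() {
    target=$(readlink -f "$1") || return 1
    owner="rpm not available"
    if command -v rpm >/dev/null 2>&1; then
        owner=$(rpm -qf "$target" 2>/dev/null) || owner="not owned by any package"
    fi
    printf '%s -> %s (%s)\n' "$1" "$target" "$owner"
}

# Constructed sample: line 1 is the result shown in the thread, the other two
# are invented for illustration.
SAMPLE='....L...   /bin/uname
.......T c /etc/example.conf
S.5....T   /usr/bin/example'

printf '%s\n' "$SAMPLE" | triage_verify_output
```

On a live system, feed it `rpm -Va` output instead of the sample and call `explain_link` on any path reported with "symlink target".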
On Friday, 2010-01-15 at 19:51 +0100, Togan Muftuoglu wrote:
Josh More wrote:
Have you run chkrootkit and rkhunter? Have you verified the rpm that uname is in with rpm -qV?
Bingo
toganm@mobile:~/Pictures/2008-08-26> rpm -qV coreutils
....L... /bin/uname
toganm@mobile:~/Pictures/2008-08-26> l /bin/uname
lrwxrwxrwx 1 root root 30 Dec 17 20:41 /bin/uname -> /usr/lib/build/helper/uname.sh*
toganm@mobile:~/Pictures/2008-08-26> rpm -qf /usr/lib/build/helper/uname.sh
post-build-checks-1.0-53.12.1
Removing uname link and reinstalling coreutils solved the problem
Wow! What's that script? Why does it change the system uname?
--
Cheers, Carlos E. R.
On Tuesday 09 February 2010 21:42:04 Carlos E. R. wrote:
On Friday, 2010-01-15 at 19:51 +0100, Togan Muftuoglu wrote:
Josh More wrote:
Have you run chkrootkit and rkhunter? Have you verified the rpm that uname is in with rpm -qV?
Bingo
toganm@mobile:~/Pictures/2008-08-26> rpm -qV coreutils
....L... /bin/uname
toganm@mobile:~/Pictures/2008-08-26> l /bin/uname
lrwxrwxrwx 1 root root 30 Dec 17 20:41 /bin/uname -> /usr/lib/build/helper/uname.sh*
toganm@mobile:~/Pictures/2008-08-26> rpm -qf /usr/lib/build/helper/uname.sh
post-build-checks-1.0-53.12.1
Removing uname link and reinstalling coreutils solved the problem
Wow! What's that script? Why does it change the system uname?
well, the package it belongs to clearly says not to install it to a running system, it's meant for the build-environment only (and it even removes the uname hack on uninstall).
On Wednesday 10 February 2010 03:28:07 Ruediger Oertel wrote:
On Tuesday 09 February 2010 21:42:04 Carlos E. R. wrote:
On Friday, 2010-01-15 at 19:51 +0100, Togan Muftuoglu wrote:
Josh More wrote:
Have you run chkrootkit and rkhunter? Have you verified the rpm that uname is in with rpm -qV?
Bingo
toganm@mobile:~/Pictures/2008-08-26> rpm -qV coreutils
....L... /bin/uname
toganm@mobile:~/Pictures/2008-08-26> l /bin/uname
lrwxrwxrwx 1 root root 30 Dec 17 20:41 /bin/uname -> /usr/lib/build/helper/uname.sh*
toganm@mobile:~/Pictures/2008-08-26> rpm -qf /usr/lib/build/helper/uname.sh
post-build-checks-1.0-53.12.1
Removing uname link and reinstalling coreutils solved the problem
Wow! What's that script? Why does it change the system uname?
well, the package it belongs to clearly says not to install it to a running system, it's meant for the build-environment only (and it even removes the uname hack on uninstall).
Wow! What's that script? Why does it change the system uname?
ah, forgot to mention: the purpose of that script:
Being able to build somewhat broken sources for kernel modules that use uname(1) to get the version of the kernel to compile for (mainly think of some popular graphics drivers, but not limited to these ...)
On Wednesday, 2010-02-10 at 11:24 +0100, Ruediger Oertel wrote:
Removing uname link and reinstalling coreutils solved the problem
Wow! What's that script? Why does it change the system uname?
well, the package it belongs to clearly says not to install it to a running system, it's meant for the build-environment only (and it even removes the uname hack on uninstall).
ah, forgot to mention: the purpose of that script:
Being able to build somewhat broken sources for kernel modules that use uname(1) to get the version of the kernel to compile for (mainly think of some popular graphics drivers, but not limited to these ...)
I understand. Thanks.
--
Cheers, Carlos E. R.