RE: [opensuse-security] Kernel Update for 11.1
Have you run chkrootkit and rkhunter? Have you verified the rpm that
uname is in with rpm -qV?
This is looking suspicious to me.
-Josh More
---- Original Message ----
From: "Togan Muftuoglu"
On Fri, 15 Jan 2010, 18:50:45 +0100, Togan Muftuoglu wrote:
ariel sabiguero yawelak wrote:
Well, I know this is awful, bad, irresponsible, and so on, but, how about:
strings /boot/vmlinuz | grep 2.6
toganm@mobile:~> strings /boot/vmlinuz | grep 2.6
2.6.27.42-0.1-default (geeko@buildhost) #1 SMP 2010-01-06 16:07:25 +0100
~2;6 X256 #2j6 I2n6 2_6H
Yet why does uname print something else?
What does
cat /proc/version
toganm@mobile:~> cat /proc/version
Linux version 2.6.27.42-0.1-default (geeko@buildhost) (gcc version 4.3.2 [gcc-4_3-branch revision 141291] (SUSE Linux) ) #1 SMP 2010-01-06 16:07:25 +0100
--
To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security+help@opensuse.org
Josh More wrote:
Have you run chkrootkit and rkhunter? Have you verified the rpm that uname is in with rpm -qV?
Bingo
toganm@mobile:~/Pictures/2008-08-26> rpm -qV coreutils
....L... /bin/uname
toganm@mobile:~/Pictures/2008-08-26> l /bin/uname
lrwxrwxrwx 1 root root 30 Dec 17 20:41 /bin/uname -> /usr/lib/build/helper/uname.sh*
toganm@mobile:~/Pictures/2008-08-26> rpm -qf /usr/lib/build/helper/uname.sh
post-build-checks-1.0-53.12.1
Removing uname link and reinstalling coreutils solved the problem
Thanks
Togan
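An added example, not part of the thread or any poster's code: the two checks that resolved it, written as shell helpers. `decode_rpm_verify` turns `rpm -V` flag columns such as `....L...` into words, and `uname_matches_proc` compares a `uname -r` string with the release named in `/proc/version`; the function names and every sample line except the thread's own `....L... /bin/uname` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): triage helpers for the checks used above.

# decode_rpm_verify: read `rpm -V` output on stdin, print "<path>: <what differs>".
decode_rpm_verify() {
    while read -r flags rest; do
        [ -n "$flags" ] || continue
        case "$rest" in
            [cdglr]\ *) path=${rest#? } ;;   # drop the config/doc/ghost/license/readme marker
            *)          path=$rest ;;
        esac
        if [ "$flags" = "missing" ]; then
            echo "$path: missing"
            continue
        fi
        out=""
        for pair in S:size M:mode 5:digest D:device L:symlink-target \
                    U:owner G:group T:mtime P:capabilities; do
            case "$flags" in
                *"${pair%%:*}"*) out="$out ${pair#*:}" ;;
            esac
        done
        echo "$path:${out:- ok}"
    done
}

# uname_matches_proc <uname -r output> <line from /proc/version>
# Succeeds when both name the same release. /proc/version is generated by the
# running kernel; uname(1) is a userland file that can be replaced or redirected.
uname_matches_proc() {
    [ "$1" = "$(printf '%s\n' "$2" | awk '{print $3}')" ]
}

# Sample input: line 1 is the thread's rpm -qV output, the rest is constructed.
sample_verify() {
    cat <<'EOF'
....L... /bin/uname
S.5....T c /etc/example.conf
missing /usr/bin/example
EOF
}

sample_verify | decode_rpm_verify
```

On a live system the same decoder can be fed with `rpm -V coreutils | decode_rpm_verify`; an `L` or `5` finding on an executable is the cue to inspect the file with `ls -l` and `rpm -qf`, as was done in the thread.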
On Friday, 2010-01-15 at 19:51 +0100, Togan Muftuoglu wrote:
Josh More wrote:
Have you run chkrootkit and rkhunter? Have you verified the rpm that uname is in with rpm -qV?
Bingo
toganm@mobile:~/Pictures/2008-08-26> rpm -qV coreutils
....L... /bin/uname
toganm@mobile:~/Pictures/2008-08-26> l /bin/uname
lrwxrwxrwx 1 root root 30 Dec 17 20:41 /bin/uname -> /usr/lib/build/helper/uname.sh*
toganm@mobile:~/Pictures/2008-08-26> rpm -qf /usr/lib/build/helper/uname.sh
post-build-checks-1.0-53.12.1
Removing uname link and reinstalling coreutils solved the problem
Wow! What's that script? Why does it change the system uname?
--
Cheers,
Carlos E. R.
On Tuesday 09 February 2010 21:42:04 Carlos E. R. wrote:
On Friday, 2010-01-15 at 19:51 +0100, Togan Muftuoglu wrote:
Josh More wrote:
Have you run chkrootkit and rkhunter? Have you verified the rpm that uname is in with rpm -qV?
Bingo
toganm@mobile:~/Pictures/2008-08-26> rpm -qV coreutils
....L... /bin/uname
toganm@mobile:~/Pictures/2008-08-26> l /bin/uname
lrwxrwxrwx 1 root root 30 Dec 17 20:41 /bin/uname -> /usr/lib/build/helper/uname.sh*
toganm@mobile:~/Pictures/2008-08-26> rpm -qf /usr/lib/build/helper/uname.sh
post-build-checks-1.0-53.12.1
Removing uname link and reinstalling coreutils solved the problem
Wow! What's that script? Why does it change the system uname?
well, the package it belongs to clearly says not to install it to a running system, it's meant for the build-environment only (and it even removes the uname hack on uninstall).
--
with kind regards (mit freundlichem Grinsen),
Ruediger Oertel (ro@novell.com,ro@suse.de,bugfinder@t-online.de)
----------------------------------------------------------------------
Linux MacBookRudi 2.6.33-rc6-2-desktop #1 SMP PREEMPT 2010-02-04 13:24:08 +0100 x86_64
Key fingerprint = 17DC 6553 86A7 384B 53C5 CA5C 3CE4 F2E7 23F2 B417
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg)
On Wednesday 10 February 2010 03:28:07 Ruediger Oertel wrote:
On Tuesday 09 February 2010 21:42:04 Carlos E. R. wrote:
On Friday, 2010-01-15 at 19:51 +0100, Togan Muftuoglu wrote:
Josh More wrote:
Have you run chkrootkit and rkhunter? Have you verified the rpm that uname is in with rpm -qV?
Bingo
toganm@mobile:~/Pictures/2008-08-26> rpm -qV coreutils
....L... /bin/uname
toganm@mobile:~/Pictures/2008-08-26> l /bin/uname
lrwxrwxrwx 1 root root 30 Dec 17 20:41 /bin/uname -> /usr/lib/build/helper/uname.sh*
toganm@mobile:~/Pictures/2008-08-26> rpm -qf /usr/lib/build/helper/uname.sh
post-build-checks-1.0-53.12.1
Removing uname link and reinstalling coreutils solved the problem
Wow! What's that script? Why does it change the system uname?
well, the package it belongs to clearly says not to install it to a running system, it's meant for the build-environment only (and it even removes the uname hack on uninstall).
Wow! What's that script? Why does it change the system uname?
ah, forgot to mention: the purpose of that script:
Being able to build somewhat broken sources for kernel modules that use uname(1) to get the version of the kernel to compile for (mainly think of some popular graphics drivers, but not limited to these ...)
--
with kind regards (mit freundlichem Grinsen),
Ruediger Oertel (ro@novell.com,ro@suse.de,bugfinder@t-online.de)
----------------------------------------------------------------------
Linux Fatou 2.6.32-3-desktop #1 SMP PREEMPT 2009-12-04 00:41:46 +0100 x86_64
Key fingerprint = 17DC 6553 86A7 384B 53C5 CA5C 3CE4 F2E7 23F2 B417
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg)
On Wednesday, 2010-02-10 at 11:24 +0100, Ruediger Oertel wrote:
Removing uname link and reinstalling coreutils solved the problem
Wow! What's that script? Why does it change the system uname?
well, the package it belongs to clearly says not to install it to a running system, it's meant for the build-environment only (and it even removes the uname hack on uninstall).
ah, forgot to mention: the purpose of that script:
Being able to build somewhat broken sources for kernel modules that use uname(1) to get the version of the kernel to compile for (mainly think of some popular graphics drivers, but not limited to these ...)
I understand. Thanks.
--
Cheers,
Carlos E. R.
participants (4)
- Carlos E. R.
- Josh More
- Ruediger Oertel
- Togan Muftuoglu