On Thu, Oct 9, 2014 at 10:34 PM, Brandon Vincent wrote:

On Thu, Oct 9, 2014 at 6:25 PM, Carlos F. Lange wrote:

...

Does this look like a script is trying to exploit the shellshock vulnerability?

Are you running any scheduled jobs with at? Do you have the "modules" package installed?

I am not running any scheduled jobs with "at". I have "modules" installed. "Mpich" requires "modules".

Red Hat is attempting to work with the upstream developers of at to fix this issue [1].

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1147043

"Description of problem: Customer applied shellshock update and now at is broken." Could it be that openSUSE uses "at" for some system activities? Carlos FL -- Carlos F Lange Gaúcho nas Pradarias http://goo.gl/fvVhr -- Recursive: Adj. See Recursive. -- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org

On Thu, Oct 9, 2014 at 11:07 PM, Brandon Vincent wrote:

On Thu, Oct 9, 2014 at 10:01 PM, Carlos F. Lange wrote:

...

Could it be that openSUSE uses "at" for some system activities?

atq(1) while running as root should show scheduled at jobs for all users.

Another way is to run an at job manually and see if you get any more mail.

[root@example ~]# at now at> ls at> CTRL-D

It must be something else. "atd" is not even running, so I can't use "at". I have a "cron" job, but it does not seem to be causing problems. -- Carlos F Lange Gaúcho nas Pradarias http://goo.gl/fvVhr -- Recursive: Adj. See Recursive. -- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org

On Thu, Oct 9, 2014 at 11:26 PM, Brandon Vincent wrote:

On Thu, Oct 9, 2014 at 10:19 PM, Carlos F. Lange wrote:

...

It must be something else. "atd" is not even running, so I can't use "at". I have a "cron" job, but it does not seem to be causing problems.

Well, "/usr/share/Modules/" is part of Environment Modules, so this is definitely related. What was the subject line of the mail you received?

The subject line was: "Output from your job 5" I had just logged in at the time of the email yesterday. Today's login did not trigger such email. -- Carlos F Lange Gaúcho nas Pradarias http://goo.gl/fvVhr -- Recursive: Adj. See Recursive. -- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org

On Thu, Oct 9, 2014 at 11:54 PM, Brandon Vincent wrote:

On Thu, Oct 9, 2014 at 10:36 PM, Carlos F. Lange wrote:

...

The subject line was: "Output from your job 5"

That is an output from an at job. Out of curiosity, are you in an environment where you have shared home directories/mail forwarding setup from the root account?

No shared directories or mail forwarding. I looked everywhere for a script containing BASH_FUNC_module, but no luck. # env | grep BASH_FUNC BASH_FUNC_module()=() { eval `/usr/share/Modules/$MODULE_VERSION/bin/modulecmd bash $*` BASH_FUNC_mc()=() { . /usr/share/mc/mc-wrapper.sh These environment variables are in all my machines, so they seem legit. -- Carlos F Lange Gaúcho nas Pradarias http://goo.gl/fvVhr -- Recursive: Adj. See Recursive. -- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org

On Fri, Oct 10, 2014 at 12:10 AM, Marcus Meissner wrote:

This is a bug in at (caused by the bash fixes), which we will release updates for.

CIao, Marcus

Thanks Marcus! -- Carlos F Lange Gaúcho nas Pradarias http://goo.gl/fvVhr -- Recursive: Adj. See Recursive. -- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org