Mailinglist Archive: opensuse-security (757 mails)

Re: [suse-security] user ***** - am I hacked?
  • From: Peter Wiersig <wiersig@xxxxxxxxx>
  • Date: Fri, 4 Jan 2002 09:20:35 +0100
  • Message-id: <200201040817.JAA32106@xxxxxxxxxxxxx>
On Thursday, 3 January 2002 18:02, Guido Tschakert wrote:
> On Wednesday, 2 January 2002 13:32, Marc Wiesenhütter wrote:
> > Praise wrote:

> > > I have been told this is a reiserFS corruption problem... do you use
> > > it?

> > Hi Praise,
> > yes I did, but I changed it about 1 month ago. Are you really sure or
> > where can I get some information about it? It would be too great.

>
> I have a lot of silly things in the output of last:
> <...>
> and for what praise said: I'm using reiserfs.
> Seems to me a problem with the filesystem and the format of wtmp, have

No, AFAIK it is that reiserfs has a journal for metadata but no journal for
data, so that when your server crashes while making changes to wtmp the inode
data goes in the journal and is replayed on reboot but the data in those
inodes has not been written and contains in your case perhaps a deleted
directory.

Read this:
http://people.spoiled.org/jha/ext3-faq.html
Q: I updated ext3 today. Got all of my mounts converted. Now on boot, I see:
"EXT3-fs: mounted filesystem with ordered data mode". Is this normal?

Here is an explanation of different journal modes for ext3 where you can
choose between data-integrity and performance. reiserfs must have made this
choice for you.

I found this page while regarding benchmark results between ext3 and reiserfs
and found some comments to the ext3 journal mode.

I guess this is not a reiserfs bug, but a data inconsistency which may happen
if you run a journaling fs.

> Another possibility is: the rootkit of the cracker is a little bit rotten,
> in particular the part for last.

This is another possibility. (It would be my last guess.)

Peter
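
A way to see where a wtmp file stops parsing as login records, which is what produces the "silly things" in the output of last discussed in this thread. This is an added example, not part of the original message; it assumes the 384-byte glibc/Linux `struct utmp` layout, and the function names and sample records are constructed for illustration.

```python
import struct

# Assumption: glibc/Linux x86 "struct utmp" layout, 384 bytes per wtmp record.
REC = struct.Struct("<hxxi32s4s32s256shhiii4i20s")
MAX_UT_TYPE = 9  # ut_type runs from 0 (EMPTY) to 9 (ACCOUNTING)

def printable(raw):
    """True if the NUL-terminated text field holds only printable ASCII."""
    return all(32 <= b < 127 for b in raw.split(b"\0", 1)[0])

def check_wtmp(blob):
    """Return [(record_index, [reasons])] for records that fail sanity checks."""
    findings, prev_sec = [], 0
    whole = len(blob) // REC.size
    for i in range(whole):
        chunk = blob[i * REC.size:(i + 1) * REC.size]
        f = REC.unpack(chunk)
        ut_type, line, user, host, sec = f[0], f[2], f[4], f[5], f[9]
        reasons = []
        if not any(chunk):
            reasons.append("all-zero record")
        if not 0 <= ut_type <= MAX_UT_TYPE:
            reasons.append("ut_type out of range")
        if not (printable(line) and printable(user) and printable(host)):
            reasons.append("non-printable text field")
        if sec < prev_sec:
            # wtmp is append-only; a clock step can also cause this.
            reasons.append("timestamp goes backwards")
        if reasons:
            findings.append((i, reasons))
        else:
            prev_sec = sec  # only trust timestamps of sane records
    if len(blob) % REC.size:
        findings.append((whole, ["trailing partial record"]))
    return findings

def sample_wtmp():
    """Constructed input: two sane records, one garbage block, one sane record."""
    def rec(t, user, sec):
        return REC.pack(t, 100, b"pts/0", b"ts/0", user, b"host.example",
                        0, 0, 0, sec, 0, 0, 0, 0, 0, b"")
    garbage = bytes(range(256)) + bytes(range(128))  # stands in for stale block content
    return (rec(7, b"alice", 1010000000) + rec(8, b"", 1010000500)
            + garbage + rec(7, b"bob", 1010001000))

if __name__ == "__main__":
    for index, reasons in check_wtmp(sample_wtmp()):
        print(f"record {index}: {', '.join(reasons)}")
```

On a real system, pass the bytes of a copy of /var/log/wtmp to `check_wtmp`. The result shows which records do not parse as utmp entries; it does not by itself say whether a crash or tampering put those bytes there.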
