02-18-2008, 10:59 AM
Alan Hicks
 
Re: Unusual problems with Slackware 9.0 (kernel 2.4.20)

In article <ec4082b3.0309012255.24f2e7c8@posting.google.com>, Aleksandr wrote:
>
> Now my first thought was immediately "hack!"


My first thought was "bad memory". Your symptoms seem indicative of
that, except for the part about the files becoming the same size on
each of the two boxes. Can you verify that the files are the same using
md5sum? If the files are the same, then it almost definitely is not bad
memory! Having two boxes with different memory chips appending the same
random data to the same files is just too weird.

> 2. While writing this post and investigating /usr/local/bin, I noticed
> that custom compiled and installed software like pngtogd and gd2topng
> (part of the GD graphics library) are also affected. There is no
> reason for a hacker to touch files like this.


Hmm... I've never heard of anyone with your condition before, but you
are using some custom compiled software which I'm not familiar with. Is
this software common to both machines, and if so, could it be the
source of your trouble?

> 1. Both boxes show the exact same file sizes on affected files. The
> files are always the same ones being affected. Could be indicative of
> a standard root kit, but again, why would a root kit replace gd
> executables?


Again, verify that these files are identical with md5sum.

> Something that just occurred to me is that I believe the file system
> corruption occurred on each box right after I scp'ed a file from a
> different system to that box.


That doesn't make a whole lot of sense though. scp is just a simple
copy program tunneled through ssh. Why would that touch the majority of
your files in /bin? Unless possibly you scp'ed these files from the
same machine, and that machine has something very wrong with it.

> The above may be just coincidental though.


Most likely they are, but that's just too damned coincidental not to
mean something if you ask me (and you did).

> Thanks in advance for any ideas or suggestions!


Let us know when you get it fixed. I'm going to try to scp something
from another machine to a slackware 9.0 box today and see what happens.

--
It is better to hear the rebuke of the wise,
Than for a man to hear the song of fools.
Ecclesiastes 7:5
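The md5sum check suggested in the post above, as an added example that is not part of the original post: it builds a checksum manifest of each box and compares the two path by path. The function names, directory layout and file contents are constructed sample data standing in for the two machines.

```shell
#!/bin/sh
# Added example (not from the original post). All paths and file contents
# below are constructed sample data standing in for two hosts.

# Print an md5sum manifest ("hash  ./relative/path") for every regular
# file under directory $1, sorted by path so manifests line up.
make_manifest() {
    ( cd "$1" && find . -type f -exec md5sum {} + | sort -k 2 )
}

# Compare manifest files $1 (box A) and $2 (box B). Prints one line per
# path: SAME, DIFF, ONLY-A or ONLY-B. The path starts at column 35
# (32 hex digits plus a two-character separator), so spaces in names survive.
compare_manifests() {
    awk '
        { hash = substr($0, 1, 32); path = substr($0, 35) }
        FILENAME == ARGV[1] { a[path] = hash; next }
        (path in a) { s = (a[path] == hash) ? "SAME" : "DIFF"
                      print s, path; seen[path] = 1; next }
        { print "ONLY-B", path }
        END { for (p in a) if (!(p in seen)) print "ONLY-A", p }
    ' "$1" "$2" | sort -k 2
}

# Count lines of comparison output (stdin) whose status equals $1.
count_status() {
    awk -v want="$1" '$1 == want { n++ } END { print n + 0 }'
}

# --- constructed sample: two "boxes" with the same odd bytes appended ---
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
mkdir -p "$work/boxA/usr/local/bin" "$work/boxB/usr/local/bin"
for box in boxA boxB; do
    printf 'stub-binary\nAPPENDED' > "$work/$box/usr/local/bin/pngtogd"
    printf 'stub-binary\nAPPENDED' > "$work/$box/usr/local/bin/gd2topng"
done
# One file that differs between the boxes, as random corruption would.
printf 'flipped bit on A\n' > "$work/boxA/usr/local/bin/tool"
printf 'flipped bit on B\n' > "$work/boxB/usr/local/bin/tool"

make_manifest "$work/boxA" > "$work/a.md5"
make_manifest "$work/boxB" > "$work/b.md5"
compare_manifests "$work/a.md5" "$work/b.md5" | tee "$work/report"
```

On real machines, run `make_manifest` on each box and copy both manifests to one host for the comparison. A manifest produced by the suspect system's own `md5sum` is only as trustworthy as that system, so generating it from known-good boot media gives a stronger result.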