[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


You know what's irritating?  When you notice that an old box that's been
completely ignored and unprotected for a long time is getting a little
unstable, then when you run ps you get a list of processes that doesn't
include "ps" but instead includes "3".  Then, you look at most of the
binaries in your /bin directory, and the md5sum and timestamp aren't right
with the RPM database.  Furthermore, if you look at the binaries with
less, you see stuff about the upx binary packer:

sauer@host:~ > grep Info `which ps`
$Info: This file is packed with the UPX executable packer http://upx.sf.net $
sauer@host:~ > grep Id `which ps`
$Id: UPX 1.20 Copyright (C) 1996-2001 the UPX Team. All Rights Reserved. $

Sigh.  I guess that machine was really due for an upgrade anyway.  That
explains the slight instability it's had for the last year or so... :)

--Danny, pretty sure that SuSE didn't use upx on their old distribs, and
pretty sure that various rootkits do

To unsubscribe, send email to majordomo@luci.org with
"unsubscribe luci-discuss" in the body.