
Re: ext3 problems triggered by some weird files?



Hi,

On Thu, 2003-05-22 at 01:31, Jure Pecar wrote:

> My theory goes like this: 
> 
> There is some fundamental flaw in the Linux kernel that can be triggered by
> some foo file. What exactly would foo stand here I don't know (yet). I'm
> sure to save the maildrop directory when this happens next time :)

I can't see any evidence of that.  Your box[es] appear to be compromised
with a rootkit, as near as I can tell.  The asm that oopsed is garbage;
the return address on the stack is right after the indirection call in
system_call().  So somebody has patched the system call table to point
to a module, but the module is bogus.

Either you are loading a buggy (and very badly behaved) module
deliberately, or there's a rootkit on the box.

Oh, and tripwire isn't enough to verify your system --- most rootkits
have the ability to hide the files that they modify from user-space
programs.  You really need to verify the box from a standalone rescue CD
boot to eliminate that possibility.

Cheers,
 Stephen
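
Added example, not part of the original message: one way to check for the condition described above (system call table entries redirected into a module) is to compare each entry of a table dump against the kernel text range taken from a trusted System.map. The System.map excerpt, the addresses and the table dump below are constructed for illustration; how the dump is obtained (for instance from a memory image) is assumed and not shown.

```c
#include <stdio.h>
#include <stdint.h>
#include <string.h>

/* Constructed System.map excerpt (addresses are made up for illustration). */
static const char *SAMPLE_MAP =
    "c0100000 T _text\n"
    "c0108a5c T system_call\n"
    "c0125f40 T sys_read\n"
    "c02a3e80 A _etext\n";

/* Constructed syscall-table dump: entry 3 points outside kernel text. */
static const uint32_t SAMPLE_TABLE[] = {
    0xc0120a10, 0xc011b2f0, 0xc0107c44, 0xd0a4c060, 0xc0125fd0
};

/* Look up a symbol's address in System.map text; returns 0 if absent. */
uint32_t map_lookup(const char *map, const char *sym)
{
    const char *p = map;
    while (p && *p) {
        unsigned int addr; char type; char name[64];
        if (sscanf(p, "%x %c %63s", &addr, &type, name) == 3 &&
            strcmp(name, sym) == 0)
            return addr;
        p = strchr(p, '\n');          /* advance to the next line */
        if (p) p++;
    }
    return 0;
}

/* Count entries outside [_text, _etext); *first gets the first offender or -1. */
int count_hooked(const char *map, const uint32_t *tbl, int n, int *first)
{
    uint32_t lo = map_lookup(map, "_text"), hi = map_lookup(map, "_etext");
    int bad = 0;
    *first = -1;
    if (!lo || !hi || lo >= hi) return -1;   /* unusable map */
    for (int i = 0; i < n; i++) {
        if (tbl[i] < lo || tbl[i] >= hi) {   /* handler not in core kernel */
            if (*first < 0) *first = i;
            bad++;
        }
    }
    return bad;
}

int main(void)
{
    int first, n = sizeof SAMPLE_TABLE / sizeof SAMPLE_TABLE[0];
    int bad = count_hooked(SAMPLE_MAP, SAMPLE_TABLE, n, &first);
    printf("%d suspicious entries, first at index %d\n", bad, first);
    return bad != 0;
}
```

The System.map used for the comparison should come from trusted media, for the same reason the message gives for verifying the box from a rescue CD.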



