
Re: unknown user: root



Andy Green wrote:

> Marian POPESCU wrote:
> 
>> I will do this tomorrow morning when I'll be in the office again.
>> 
>> Can I bother you with this any longer?
> 
> Sure, I'd be interested to understand what causes such a thing.
> 
> -Andy

I have attached the output of `strace -o /tmp/dmp_whoami whoami`:

Marian
execve("/usr/bin/whoami", ["whoami"], [/* 29 vars */]) = 0
brk(0)                                  = 0x848d000
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7fc0000
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY)      = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=133072, ...}) = 0
mmap2(NULL, 133072, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7f9f000
close(3)                                = 0
open("/lib/libc.so.6", O_RDONLY)        = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\232X\1"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=1529388, ...}) = 0
mmap2(NULL, 1254780, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x92d000
mmap2(0xa5a000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x12d) = 0xa5a000
mmap2(0xa5d000, 9596, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xa5d000
close(3)                                = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f9e000
set_thread_area({entry_number:-1 -> 6, base_addr:0xb7f9e6c0, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1}) = 0
mprotect(0xa5a000, 8192, PROT_READ)     = 0
mprotect(0x35a000, 4096, PROT_READ)     = 0
munmap(0xb7f9f000, 133072)              = 0
brk(0)                                  = 0x848d000
brk(0x84ae000)                          = 0x84ae000
open("/usr/lib/locale/locale-archive", O_RDONLY|O_LARGEFILE) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=54316592, ...}) = 0
mmap2(NULL, 2097152, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7d9e000
close(3)                                = 0
geteuid32()                             = 0
socket(PF_FILE, SOCK_STREAM, 0)         = 3
fcntl64(3, F_GETFL)                     = 0x2 (flags O_RDWR)
fcntl64(3, F_SETFL, O_RDWR|O_NONBLOCK)  = 0
connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
close(3)                                = 0
socket(PF_FILE, SOCK_STREAM, 0)         = 3
fcntl64(3, F_GETFL)                     = 0x2 (flags O_RDWR)
fcntl64(3, F_SETFL, O_RDWR|O_NONBLOCK)  = 0
connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
close(3)                                = 0
open("/etc/nsswitch.conf", O_RDONLY)    = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=1736, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7fbf000
read(3, "#\n# /etc/nsswitch.conf\n#\n# An ex"..., 4096) = 1736
read(3, "", 4096)                       = 0
close(3)                                = 0
munmap(0xb7fbf000, 4096)                = 0
open("/etc/ld.so.cache", O_RDONLY)      = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=133072, ...}) = 0
mmap2(NULL, 133072, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7f9f000
close(3)                                = 0
open("/lib/libnss_compat.so.2", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\320\20"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=36248, ...}) = 0
mmap2(NULL, 33392, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x414000
mmap2(0x41b000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x6) = 0x41b000
close(3)                                = 0
open("/lib/libnsl.so.1", O_RDONLY)      = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0p6\0\000"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=94332, ...}) = 0
mmap2(NULL, 87848, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x325000
mmap2(0x337000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x11) = 0x337000
mmap2(0x339000, 5928, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x339000
close(3)                                = 0
mprotect(0x337000, 4096, PROT_READ)     = 0
mprotect(0x41b000, 4096, PROT_READ)     = 0
munmap(0xb7f9f000, 133072)              = 0
open("/etc/ld.so.cache", O_RDONLY)      = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=133072, ...}) = 0
mmap2(NULL, 133072, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7f9f000
close(3)                                = 0
open("/lib/libnss_nis.so.2", O_RDONLY)  = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\220\33"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=42232, ...}) = 0
mmap2(NULL, 37428, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x526000
mmap2(0x52e000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x7) = 0x52e000
close(3)                                = 0
open("/lib/libnss_files.so.2", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0 \33\0\000"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=46608, ...}) = 0
mmap2(NULL, 41616, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x638000
mmap2(0x641000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x8) = 0x641000
close(3)                                = 0
mprotect(0x641000, 4096, PROT_READ)     = 0
mprotect(0x52e000, 4096, PROT_READ)     = 0
munmap(0xb7f9f000, 133072)              = 0
open("/etc/passwd", O_RDONLY)           = 3
fcntl64(3, F_GETFD)                     = 0
fcntl64(3, F_SETFD, FD_CLOEXEC)         = 0
open("/etc/default/nss", O_RDONLY)      = 4
fstat64(4, {st_mode=S_IFREG|0644, st_size=1302, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7fbf000
read(4, "# /etc/default/nss\n# This file c"..., 4096) = 1302
read(4, "", 4096)                       = 0
close(4)                                = 0
munmap(0xb7fbf000, 4096)                = 0
uname({sys="Linux", node="techsoft-lwstation01", ...}) = 0
close(3)                                = 0
open("/etc/ld.so.cache", O_RDONLY)      = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=133072, ...}) = 0
mmap2(NULL, 133072, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7f9f000
close(3)                                = 0
open("/lib/libnss_winbind.so.2", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\20\21\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=18808, ...}) = 0
mmap2(NULL, 31420, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x302000
mmap2(0x307000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x4) = 0x307000
mmap2(0x308000, 6844, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x308000
close(3)                                = 0
munmap(0xb7f9f000, 133072)              = 0
getpid()                                = 1466
lstat64("/var/run/winbindd", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
lstat64("/var/run/winbindd/pipe", 0xbfbbb2e4) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/locale.alias", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=2528, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7fbf000
read(3, "# Locale name alias data base.\n#"..., 4096) = 2528
read(3, "", 4096)                       = 0
close(3)                                = 0
munmap(0xb7fbf000, 4096)                = 0
open("/usr/share/locale/en_US.UTF-8/LC_MESSAGES/coreutils.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US.utf8/LC_MESSAGES/coreutils.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US/LC_MESSAGES/coreutils.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.UTF-8/LC_MESSAGES/coreutils.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.utf8/LC_MESSAGES/coreutils.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en/LC_MESSAGES/coreutils.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
write(2, "whoami: cannot find name for use"..., 39) = 39
close(1)                                = 0
exit_group(1)                           = ?
