Suspicious behavior of packagekit

Lee Fuller leefuller23 at gmail.com
Fri Jul 24 13:50:46 UTC 2015 

Are you sure this behaviour isn't simply a package metadata refresh?

(Second send - didn't "reply all" at first try)

Regards
On 24 Jul 2015 2:22 pm, "S.Mohammad Emami Razavi" <emamirazavi at gmail.com>
wrote:

> I run
> $ [root at localhost rooster]# journalctl -u packagekit -f -n 5000
> in fedora
> [root at localhost rooster]# cat /etc/redhat-release
> Fedora release 22 (Twenty Two)
> and it results something like below lines:
> Jul 21 06:54:28 localhost.localdomain PackageKit[18871]: uid 1000 is
> trying to obtain org.freedesktop.packagekit.system-sources-refresh auth
> (only_trusted:0)
> Jul 21 06:54:28 localhost.localdomain PackageKit[18871]: uid 1000 obtained
> auth for org.freedesktop.packagekit.system-sources-refresh
> Jul 21 07:36:45 localhost.localdomain PackageKit[18871]: refresh-cache
> transaction /345_edadcabc from uid 1000 finished with success after
> 2536929ms
> Jul 21 07:36:45 localhost.localdomain PackageKit[18871]: get-updates
> transaction /346_aaeccddc from uid 1000 finished with success after 555ms
> Jul 21 07:36:45 localhost.localdomain PackageKit[18871]: new
> update-packages transaction /347_eacacecc scheduled from uid 1000
> Jul 21 07:36:48 localhost.localdomain PackageKit[18871]: update-packages
> transaction /347_eacacecc from uid 1000 finished with cancelled-priority
> after 2594ms
> Jul 21 07:36:48 localhost.localdomain PackageKit[18871]: resolve
> transaction /348_caabddad from uid 1000 finished with success after 143ms
> Jul 21 07:36:48 localhost.localdomain PackageKit[18871]: resolve
> transaction /349_aabcaabc from uid 1000 finished with success after 83ms
> Jul 21 07:36:48 localhost.localdomain PackageKit[18871]: resolve
> transaction /350_dbadaaeb from uid 1000 finished with success after 31ms
> Jul 21 07:36:50 localhost.localdomain PackageKit[18871]: new
> update-packages transaction /351_bebbaccb scheduled from uid 1000
> Jul 21 09:27:31 localhost.localdomain PackageKit[18871]: update-packages
> transaction /351_bebbaccb from uid 1000 finished with success after
> 6640574ms
> Jul 21 09:27:35 localhost.localdomain PackageKit[18871]: resolve
> transaction /352_cababcaa from uid 1000 finished with success after 30ms
> Jul 21 09:27:35 localhost.localdomain PackageKit[18871]: resolve
> transaction /353_ccabcecc from uid 1000 finished with success after 81ms
> Jul 21 09:27:35 localhost.localdomain PackageKit[18871]: resolve
> transaction /354_caddccdb from uid 1000 finished with success after 30ms
> Jul 21 09:27:35 localhost.localdomain PackageKit[18871]: resolve
> transaction /355_ddaacaea from uid 1000 finished with success after 278ms
> Jul 21 09:27:37 localhost.localdomain PackageKit[18871]: get-update-detail
> transaction /356_dabbaeed from uid 1000 finished with success after 1611ms
>
>
> It has very suspicious and unusual behavior to use network bandwidth. For
> example in 10 days it downloads over 2GB from net!!! regardless of dnf or
> yum updates...
>
>
> --
> security mailing list
> security at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/security
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/security/attachments/20150724/24b508be/attachment.html>

More information about the security mailing list