zk rootkit

Bret Hughes bhughes at elevating.com
Fri Nov 21 17:23:35 UTC 2003


On Fri, 2003-11-21 at 10:51, Andy Green wrote:
> On Friday 21 November 2003 16:22, Bret Hughes wrote:
> 
> > you are not running the same thing.
> >
> > the [ -f filename ] is a test to see if a file is a regular file and
> > exists.  the -o is an operator to the test function not passed to run.
> > in fact [ is a symbolic link to test
> 
> Thanks for the education, Bret, I misread the precedence of who owned the 
> switches.
> 
> > on my fedora test box:
> > the return code indicates that neither test was true.
> 
> [agreen@fastcat agreen]$ ll /usr/bin/run
> -rwxr-xr-x    1 root     root        28380 Sep 26 14:52 /usr/bin/run
> 
> If I understood you correctly then this is enough to fire the warning?
> 

yep, on my fedora box (upgraded from 7.1) there is no run rpm
installed.  This should probably be reported to the chkrootkit guys..

Bret 
