Re: suspicious files in /tmp

To: Debian Security <debian-security@lists.debian.org>
Subject: Re: suspicious files in /tmp
From: Marcel Weber <mmweber@ncpro.com>
Date: Tue, 06 Jan 2004 15:43:07 +0100
Message-id: <[🔎] 3FFAC97B.5090700@ncpro.com>
In-reply-to: <[🔎] 200401061445.58127.Rudolf.Lohner@rz.uni-karlsruhe.de>
References: <[🔎] 3FF96A25.10601@ncpro.com> <[🔎] 20040105161822.GE5337@don.localnet> <[🔎] 3FF9A228.6060908@ncpro.com> <[🔎] 200401061445.58127.Rudolf.Lohner@rz.uni-karlsruhe.de>

Rudolf Lohner wrote:

[snip]

file hello.dynhello.dyn: ELF 32-bit LSB executable, Intel 80386, version 1, dynamically linked (uses shared libs), not stripped
file hello.stathello.stat: ELF 32-bit LSB executable, Intel 80386, version 1, statically linked, not stripped

[snip]

Greetings,  Rudolf


Great, thanks! So here it comes:

www:~/chkrootkit/bin # file netstat

netstat: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV),dynamically linked (uses shared libs), not stripped


www:~/chkrootkit/usr/bin # file env

env: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV),statically linked, not stripped

So everythings clear now: One was statically linked, the otherdynamically and I guess, that the meaning of stripped is, if there isdebugging information in the file or not(?), which would make the fileeven bigger...


Greettings

Marcel

Reply to:

References:
- suspicious files in /tmp
  - From: Marcel Weber <mmweber@ncpro.com>
- Re: suspicious files in /tmp
  - From: Bill Marcum <bmarcum@iglou.com>
- Re: suspicious files in /tmp
  - From: Marcel Weber <mmweber@ncpro.com>
- Re: suspicious files in /tmp
  - From: Rudolf Lohner <Rudolf.Lohner@rz.uni-karlsruhe.de>

Prev by Date: Re: suspicious files in /tmp
Next by Date: Re: another kernel vulnerability
Previous by thread: Re: suspicious files in /tmp
Next by thread: another kernel vulnerability
Index(es):
- Date
- Thread