Bug#247397: kdelibs-bin: checksum differs from installed package
On Tue, 2004-05-04 at 15:04, Chris Cheney wrote:
> On Tue, May 04, 2004 at 02:33:10PM -0700, Ross Boylan wrote:
> > Package: kdelibs-bin
> > Version: 4:3.2.2-2
> > Severity: minor
> >
> > tiger reports
> > --FAIL-- [lin005f] Installed file `/usr/bin/kfmexec' checksum differs
> > from installed package ''.
> >
> > I don't know why, and I doubt it's significant, but I thought I'd let
> > you know.
>
> If the md5sum really is different then it may mean your system is
> compromised, and it definitely is significant. I have not used tiger
> before but you can check if they are the same by using md5sum as below:
>
> lrwxrwxrwx 1 root root 7 2004-04-21 18:51 /usr/bin/kfmexec -> kioexec
>
> md5sum /usr/bin/kioexec
> 77e8c8f8f68d07469f9835259d1f3682 /usr/bin/kioexec
>
> grep kioexec /var/lib/dpkg/info/kdelibs-bin.md5sums
> 77e8c8f8f68d07469f9835259d1f3682 usr/bin/kioexec
>
> Please follow up with what you find out...
>
> Thanks,
> Chris
iron:~# md5sum /usr/bin/kioexec
77e8c8f8f68d07469f9835259d1f3682 /usr/bin/kioexec
iron:~# grep kioexec /var/lib/dpkg/info/kdelibs-bin.md5sums
77e8c8f8f68d07469f9835259d1f3682 usr/bin/kioexec
By eye, identical with each other and with your results.
By diff, identical with each other.
Pretty weird.
I wonder if the tiger run could have caught things in
mid-installation? That seems unlikely given when I think it runs. On
Apr 27 around noon I upgraded to kdelibs-bin 3.2.2-2.
I got the warning from tiger on Apr 28 around 1am. The warning itself
doesn't have a specific time on it, but inspecting my tiger cronrc makes
me pretty confident the job started at 1am.
I reran deb_checkmd5sums independently to see if it still reports
anything for this file, and it doesn't. I also note the line preceding
the report says
# Verifying system specific password checks...
when it should say
# Checking md5sums of installed files
All in all, it's probably OK to close this. I'll watch to see if it
recurs, and consider that it might be a tiger bug.
I appreciate your quick response and alerting me that this might be a
sign I'd been cracked.
--
Ross Boylan wk: (415) 502-4031
530 Parnassus Avenue (Library) rm 115-4 ross@biostat.ucsf.edu
Dept of Epidemiology and Biostatistics fax: (415) 476-9856
University of California, San Francisco
San Francisco, CA 94143-0840 hm: (415) 550-1062
Reply to: