Re: suspicious files in /tmp
On Montag Januar 5 2004 18:43, Marcel Weber wrote:
> Whatever, I guess during the inital setup of LFS I made a mistake and
> compiled these files statically... This probably explains the size. I do
> not think, that they're belonging to a rootkit, as I have the same files
> on my initial install backup.
>
> Anyways, if someone is interested in them, I could send them, but I
> think 1.3 MB of files is too much for this mailing list...
It is easy to check if an executable is linked statically or dynamically:
c++ -o hello.dyn hello.cc
c++ -o hello.stat -static hello.cc
ls -l hello.*
-rw-r--r-- 1 rz37 users 91 Sep 20 2002 hello.cc
-rwxr-xr-x 1 rz37 users 14269 Jan 6 15:43 hello.dyn
-rwxr-xr-x 1 rz37 users 1619690 Jan 6 15:43 hello.stat
file hello.dyn
hello.dyn: ELF 32-bit LSB executable, Intel 80386, version 1, dynamically linked (uses shared libs), not stripped
file hello.stat
hello.stat: ELF 32-bit LSB executable, Intel 80386, version 1, statically linked, not stripped
ldd hello.dyn
libstdc++-libc6.2-2.so.3 => /usr/lib/libstdc++-libc6.2-2.so.3 (0x40030000)
libm.so.6 => /lib/libm.so.6 (0x4007d000)
libc.so.6 => /lib/libc.so.6 (0x4009f000)
/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)
ldd hello.stat
not a dynamic executable
Greetings, Rudolf
--
Rudolf Lohner --- Universitaet Karlsruhe (TH) --- Rechenzentrum
Zirkel 2, D-76128 Karlsruhe, phone/fax: +49 721 {608-6958 | 32550}
www: http://www.uni-karlsruhe.de/~Rudolf.Lohner
email: Rudolf.Lohner@rz.uni-karlsruhe.de
Reply to: