Re: /dev/shm/r?

To: Johann Spies <jspies@sun.ac.za>, debian-security@lists.debian.org
Subject: Re: /dev/shm/r?
From: Michael Stone <mstone@debian.org>
Date: Mon, 01 Jun 2009 07:23:27 -0400
Message-id: <[🔎] 20090601112327.GB3797@osgiliath.mathom.us>
Mail-followup-to: Johann Spies <jspies@sun.ac.za>, debian-security@lists.debian.org
In-reply-to: <[🔎] 20090601084652.GA22462@sun.ac.za>
References: <[🔎] 20090601084652.GA22462@sun.ac.za>

On Mon, Jun 01, 2009 at 10:46:54AM +0200, Johann Spies wrote:

I am a bit worried that my computer have been compromised.

...

I think the last three lines are not problematic but in /dev/shm/r I found:

spawn /bin/bash
interact

Do I have reason to be worried?

Yes, that's a typical location for intruders to drop files. Easiestthing to do is reinstall after thinking about how the compromise mayhave occurred. (Did you update regularly, including kernel updates? Didall accounts have strong passwords? Do you have web applications notmanaged by the system that weren't being updated? etc.)


Mike Stone

Reply to:

Follow-Ups:
- Re: /dev/shm/r?
  - From: Johann Spies <jspies@sun.ac.za>

References:
- /dev/shm/r?
  - From: Johann Spies <jspies@sun.ac.za>

Prev by Date: Re: /dev/shm/r?
Next by Date: Re: /dev/shm/r?
Previous by thread: Re: /dev/shm/r?
Next by thread: Re: /dev/shm/r?
Index(es):
- Date
- Thread