Re: strange files
On Mon, 2005-09-19 at 15:23 +1000, Peter Lieverdink wrote:
> Hi all,
>
> I came across something odd this morning on a Sarge production server I
> manage remotely. The machine runs a self-compiled 2.6.12.2 kernel and I
> keep it up to date with security fixes. (I run upgrades and
> dist-upgrades when I get email from debian-security-announce).
>
> The box is an HP/Compaq somethingorother server with the following
> controller:
>
> 0000:04:03.0 RAID bus controller: Compaq Computer Corporation Smart
> Array 64xx (rev 01). The filesystem is ext3 on 2x160GB hardware RAID1.
> The box has 3 GB ECC RAM. None of the hardware reports any failure of
> any kind.
>
> The weird this is that there are six files in / that should not be
> there. 'ls -l' gives me:
>
> -rw-rw-rw- 1 root root 0 2005-08-17 23:08 ?
> -rw-rw-rw- 1 root root 0 2005-08-18 23:08 ?
> -rw-rw-rw- 1 root root 0 2005-09-06 23:13 ?
> -rw-rw-rw- 1 root root 0 2005-08-17 23:08 ???
> -rw-rw-rw- 1 root root 0 2005-08-18 23:08 ???
> -rw-rw-rw- 1 root root 0 2005-09-06 23:13 ???
>
> Not useful.
>
> I wrote a little C app that runs readdir() on / and gives me all the
> filenames as strings and a char[] cast into int. With an utf8 console I
> get the filenames as a series of squares now, but what I find more
> interesting is that when I print off the integer values of each of the
> chars in the filenames, I get this:
>
> dir='/', file='', char[] = -10,-73,-128
> dir='/', file='?��', char[] = -10,-73,-80,-110,25,8
> dir='/', file='', char[] = -14,-73,-128
> dir='/', file='��', char[] = -14,-73,-80,-110,25,8
> dir='/', file='', char[] = -16,-73,-128
> dir='/', file='��', char[] = -16,-73,-80,-110,25,8
>
> ... negative numbers? (The strings won't paste properly).
Perhaps you should be using unsigned integers. That might make a little
more sense since I think that character systems generally work with
positive integers. If these are supposed to be unicode characters, or
anything else that's not _supposed_ to be understood in signed 8 bit
chunks, it's quite likely that you would have integer overflows
resulting in negative numbers.
a simple shell script might make inspection of the files/filenames a
little easier. something like:
david@zepto:/tmp/test$ ls -l total 12
-rw-r--r-- 1 david david 10 2005-09-19 21:28 ??
-rw-r--r-- 1 david david 31 2005-09-19 21:30 ???
-rw-r--r-- 1 david david 8 2005-09-19 21:30 ??
david@zepto:/tmp/test$ /bin/ls * | while read f ; do echo 'filename:';
echo $f |hd -o; echo 'file contents:'; cat $f |hd; echo
'-----------------'; done
filename:
00000000 01 02 0a |...|
0000000 001001 000012
0000003
file contents:
00000000 62 6c 61 68 20 62 6c 61 68 0a |blah blah.|
0000000a
-----------------
filename:
00000000 04 05 06 0a |....|
0000000 002404 005006
0000004
file contents:
00000000 61 6c 6c 20 79 6f 75 72 20 62 61 73 65 20 61 72 |all your
base ar|
00000010 65 20 62 65 6c 6f 6e 67 20 74 6f 20 75 73 0a |e belong to
us.|
0000001f
-----------------
filename:
00000000 07 08 0a |...|
0000000 004007 000012
0000003
file contents:
00000000 66 6f 6f 20 62 61 72 0a |foo bar.|
00000008
-----------------
dunno if that was helpful.
-davidc
--
gpg-key: http://www.zettazebra.com/files/key.gpg
Attachment:
signature.asc
Description: This is a digitally signed message part
Reply to: