Re: Am I paranoid?

To: debian-user@lists.debian.org
Subject: Re: Am I paranoid?
From: Scott Ferguson <scott.ferguson.debian.user@gmail.com>
Date: Tue, 25 Feb 2014 11:03:57 +1100
Message-id: <530BDDED.70504@gmail.com>
In-reply-to: <lefq9o$kuq$1@ger.gmane.org>
References: <lefcou$68c$1@ger.gmane.org> <1943927.mP18IQJb7E@twilight> <20140224154804.GB4691@hawking> <1521775.fCcAIDVUWK@twilight> <lefq9o$kuq$1@ger.gmane.org>

Yes - you are paranoid. There is no conspiracy. Those files were
installed by the operator/user/sysadmin.
So relax. :)

If you want to remove them:-
# apt-get remove open-vm-tools open-vm-toolbox

On 25/02/14 03:04, ha wrote:
> 
>>>>>> I did. It only shows that files are there:
>>>>>> /etc/pam.d/vmtoolsd
>>>>>> /usr/bin/vmtoolsd

etc/pam.d/vmtoolsd
/usr/bin/vmtoolsd
/usr/lib/libvmtools.a
/usr/lib/libvmtools.so
/usr/lib/libvmtools.so.0
/usr/lib/libvmtools.so.0.0.0
/usr/share/man/man3/libvmtools.3.gz
/usr/share/open-vm-tools/messages/de/vmtoolsd.vmsg
/usr/share/open-vm-tools/messages/ja/vmtoolsd.vmsg
/usr/share/open-vm-tools/messages/ko/vmtoolsd.vmsg

>>>>>
>>>>> By the way, there is also /etc/vmware-tools folder

It's difficult to tell who you're quoting as you've stripped all the
attributions from the post.
You'll also find you have:-
/etc/vmware-tools/xautostart.conf
/etc/vmware-tools/poweroff-vm-default
/etc/vmware-tools/poweron-vm-default
/etc/vmware-tools/resume-vm-default
/etc/vmware-tools/scripts/vmware/network
/etc/vmware-tools/statechange.subr
/etc/vmware-tools/suspend-vm-default
/etc/vmware-tools/tools.conf
/etc/vmware-tools/vm-support

>>>>
>>>> This rather highlights why I like Arch's package manager (Pacman.) more
>>>> than APT. Pacman features a command (pacman -Qo <file>) that explicitly
>>>> checks a file you specify for package ownership.
>>>
>>> dpkg --search ${filename}

Will search for the installed *package* name
"vmtoolsd" is *not* the package name
"open-vm-tools" is

So you 'could':-
dpkg --search open-vm-tools

It's unlikely to be an attempted backdoor - more likely it was simply
unwittingly installed as part of something else e.g. open-vm-tools-dev
Anyone/thing capable of installing software requires root - while it's
possible they/it could achieve that and still be dumb enough not hide
that file, it's very unlikely.
NOTE: vmtoolsd is *not* a back door, or part of any rootkit.

To see if the package was legitimately installed:-
dpkg --get-selections | grep open-vm

In your case you'll find *you've* installed:-
open-vm-tools and open-vm-toolbox

and:-

man open-vm-tools  # unlikely even a script kiddie'd leave the
documentation for you don't you think? :)

Kind regards

Reply to:

Follow-Ups:
- Re: Am I paranoid?
  - From: Scott Ferguson <scott.ferguson.debian.user@gmail.com>
- Re: Am I paranoid?
  - From: "John L. Ries" <jries@salford-systems.com>

References:
- Am I paranoid?
  - From: ha <hiei.arhiva@gmail.com>
- Re: Am I paranoid?
  - From: yaro@marupa.net
- Re: Am I paranoid?
  - From: "Karl E. Jorgensen" <karl@jorgensen.org.uk>
- Re: Am I paranoid?
  - From: yaro@marupa.net
- Re: Am I paranoid?
  - From: ha <hiei.arhiva@gmail.com>

Prev by Date: Re: DHCP request IP address
Next by Date: Re: Am I paranoid?
Previous by thread: Re: Am I paranoid?
Next by thread: Re: Am I paranoid?
Index(es):
- Date
- Thread