Cryptic filenames in / of FC7T1 - devel - Fedora Mailing-Lists

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

Cryptic filenames in / of FC7T1

rawhide report: 20070204 changes

Failed instalation of Fedora 7t1...

Bernd Bartmann

Saturday, 3 February 2007 Sat, 3 Feb '07

3:08 p.m.

Hi, I've found some cryptic named files in under / in FC7T1: a-7QeJ HXv5pB xI6TYx Zgu_vF All files are 4 bytes long and contain "blat". Where do they come from? Best regards, Bernd.

Reply

Show replies by date

Jesse Keating

Saturday, 3 February Sat, 3 Feb

3:17 p.m.

On Saturday 03 February 2007 16:08, Bernd Bartmann wrote:

I've found some cryptic named files in under / in FC7T1: a-7QeJ HXv5pB xI6TYx Zgu_vF All files are 4 bytes long and contain "blat". Where do they come from?

So... this doesn't sound so good. Are they in / or in a subdirectory. Who owns the files? What are the timestamps on the files? When was the last time you walked away while logged in? Are you still connected to the network? Have you seen a jump in your traffic? -- Jesse Keating Release Engineer: Fedora

Reply

Bernd Bartmann

3:30 p.m.

On 2/3/07, Jesse Keating <jkeating(a)redhat.com> wrote:

On Saturday 03 February 2007 16:08, Bernd Bartmann wrote: > I've found some cryptic named files in under / in FC7T1: > > a-7QeJ > HXv5pB > xI6TYx > Zgu_vF > > All files are 4 bytes long and contain "blat". Where do they come from? So... this doesn't sound so good. Are they in / or in a subdirectory.

They are directly under /.

Who owns the files? What are the timestamps on the files?

-rw------- 1 root root 4 3. Feb 20:49 a-7QeJ -rw------- 1 root root 4 3. Feb 22:22 h6fs6y -rw------- 1 root root 4 3. Feb 22:22 HOB-pX -rw------- 1 root root 4 3. Feb 21:01 HXv5pB -rw------- 1 root root 4 3. Feb 21:01 xI6TYx -rw------- 1 root root 4 3. Feb 20:49 Zgu_vF

When was the last time you walked away while logged in? Are you still connected to the network? Have you seen a jump in your traffic?

Your question seems to suggest some kind of malware!? This is certainly not the case. I more suspect some of the init scripts redirecting output where it shouldn't. The system is a freshly installed FC7T1 + some reboots. No one besides myself has access to the system. Best regards, Bernd.

Reply

Curtis Doty

3:48 p.m.

10:08pm Bernd Bartmann said:

I've found some cryptic named files in under / in FC7T1: a-7QeJ HXv5pB xI6TYx Zgu_vF All files are 4 bytes long and contain "blat". Where do they come from?

Python does that in tempfile while looking for a tempdir. Something must be b0rk when it tries to unlink the blatness. ../C

Reply

Tom London

6:28 p.m.

On 2/3/07, Curtis Doty <Curtis(a)greenkey.net> wrote:

10:08pm Bernd Bartmann said: > > I've found some cryptic named files in under / in FC7T1: > > a-7QeJ > HXv5pB > xI6TYx > Zgu_vF > > All files are 4 bytes long and contain "blat". Where do they come from? > Python does that in tempfile while looking for a tempdir. Something must be b0rk when it tries to unlink the blatness. ../C

I believe these are coming from setroubleshootd. BZ'd here: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=222498 tom -- Tom London

Reply

6291

days inactive

6292

days old

devel@lists.fedoraproject.org

Manage subscription

4 comments

4 participants

tags (0)

participants (4)

Bernd Bartmann
Curtis Doty
Jesse Keating
Tom London