Date: Thu, 04 Mar 2004 15:13:15 -0600 From: Jonathan Neill <TYR124840@tyler.net> To: freebsd-questions@freebsd.org Subject: Binary file created in / with same name as root password, seemingly sporadically Message-ID: <opr4cvwdzgytod5m@smtp.tyler.net>
next in thread | raw e-mail | index | archive | help
Apologies if this is a stupid question and I should RTFM, but something on my Freebsd-5.1 box is creating a binary file in / with the same name as my root password and I was curious as to what exactly this might be. (I always SSH into the box on a regular user then su root to do work.) FreeBSD localhost 5.1-RELEASE FreeBSD 5.1-RELEASE #2: Sun Feb 29 21:36:25 CST 2004 jon@localhost:/usr/src/sys/i386/compile/jon i386 /# cat /etc/rc.conf sshd_enable="YES" ifconfig_sis0="DHCP" inetd_enable="NO" update_motd="NO" enable_quotas="NO" hostname="localhost" /# ps x PID TT STAT TIME COMMAND 0 ?? DLs 0:00.01 (swapper) 1 ?? ILs 0:00.17 /sbin/init -- 2 ?? DL 0:00.23 (g_event) 3 ?? DL 0:02.11 (g_up) 4 ?? DL 0:11.78 (g_down) 5 ?? IL 0:00.00 (acpi_task0) 6 ?? IL 0:00.00 (acpi_task1) 7 ?? IL 0:00.00 (acpi_task2) 8 ?? DL 0:00.00 (pagedaemon) 9 ?? DL 0:00.00 (vmdaemon) 10 ?? DL 0:00.00 (ktrace) 11 ?? RL 21:24.98 (idle) 12 ?? WL 0:02.10 (swi1: net) 13 ?? WL 0:03.77 (swi7: tty:sio clock) 15 ?? DL 0:00.94 (random) 18 ?? WL 0:00.00 (swi6: acpitaskq) 21 ?? WL 2:38.15 (irq14: ata0) 23 ?? WL 0:02.39 (irq11: sis0) 24 ?? WL 0:00.00 (irq6: fdc0) 31 ?? DL 0:20.40 (pagezero) 32 ?? DL 0:01.18 (bufdaemon) 33 ?? DL 0:02.34 (syncer) 34 ?? DL 0:00.02 (vnlru) 35 ?? IL 0:00.00 (nfsiod 0) 36 ?? IL 0:00.00 (nfsiod 1) 37 ?? IL 0:00.00 (nfsiod 2) 38 ?? IL 0:00.00 (nfsiod 3) 114 ?? Is 0:00.00 adjkerntz -i 185 ?? Is 0:00.00 /sbin/dhclient sis0 237 ?? Is 0:00.02 /usr/sbin/syslogd -s 365 ?? Is 0:00.22 /usr/sbin/sshd 385 ?? Ss 0:00.02 /usr/sbin/cron 401 ?? Is 0:00.00 /usr/local/sbin/smbd -D 403 ?? Ss 0:00.14 /usr/local/sbin/nmbd -D 440 ?? Is 0:00.05 sshd: jon [priv] (sshd) 63211 ?? Is 0:00.04 sshd: jon [priv] (sshd) 445 p0 I 0:00.02 su root 446 p0 I 0:00.09 _su (csh) 63808 p1 I+ 0:00.00 (sh) 63809 p1 I+ 0:00.01 (sh) 63216 p2 I 0:00.02 su root 63217 p2 S 0:00.04 _su (csh) 63874 p2 R+ 0:00.00 ps x 436 v1 Is+ 0:00.01 /usr/libexec/getty Pc ttyv1 437 v2 Is+ 0:00.01 /usr/libexec/getty Pc ttyv2 438 v3 Is+ 0:00.01 /usr/libexec/getty Pc ttyv3 439 v4 Is+ 0:00.01 /usr/libexec/getty Pc ttyv4 435 con Is+ 0:00.01 /usr/libexec/getty Pc console
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?opr4cvwdzgytod5m>