Date: Tue, 27 Dec 2016 18:04:25 -0800 (PST) From: Roger Marquis <marquis@roble.com> To: freebsd-security@freebsd.org Subject: /tmp/ecp.* created during kernel build? Message-ID: <1612271756590.79526@mx5.roble.com>
next in thread | raw e-mail | index | archive | help
Found a couple of ecp binaries in /tmp, apparently created concurrent with an 11.0 x86_64 kernel build. Anyone else seen this? Could they be related to a "make buildkernel"? # ls -l /tmp/ecp* -rw-r--r-- 1 root wheel 4229 Dec 27 06:21 ecp.Aak1ruL8 -rw-r--r-- 1 root wheel 2371 Dec 27 06:21 ecp.8Wba0TzO # file /tmp/ecp.* /tmp/ecp.8Wba0TzO: ELF 64-bit LSB relocatable, x86-64, version 1 (SYSV), not stripped /tmp/ecp.Aak1ruL8: ELF 64-bit LSB relocatable, x86-64, version 1 (SYSV), not stripped # strings /tmp/ecp.Aak1ruL8 belX __vdso_clock_gettime __vdso_getcpu __vdso_gettimeofday __vdso_time linux_platform linux_rt_sigcode linux_vdso.so.1 LINUX_2.6 x86_64 .symtab .strtab .shstrtab .gnu.hash .dynsym .dynstr .gnu.version .gnu.version_d .eh_frame_hdr .eh_frame .dynamic .data .text .endrtsigcode .getip .startrtsigcode _DYNAMIC _GLOBAL_OFFSET_TABLE_ clock_gettime LINUX_2.6 __vdso_gettimeofday __vdso_getcpu gettimeofday time getcpu __vdso_clock_gettime linux_platform linux_rt_sigcode __vdso_time # strings /tmp/ecp.8Wba0TzO linux32_rt_sigcode linux32_sigcode linux32_vsyscall linux_platform linux32_vdso.so.1 LINUX_2.5 i686 .shstrtab .gnu.hash .dynsym .dynstr .gnu.version .gnu.version_d .eh_frame_hdr .eh_frame .dynamic .data .text Is there anything else that might trace the origin of these files other than possibly another buildkernel? Thanks, Roger
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1612271756590.79526>