From owner-freebsd-security@FreeBSD.ORG Fri May 21 12:58:09 2004 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B2DE716A4CE for ; Fri, 21 May 2004 12:58:09 -0700 (PDT) Received: from cowbert.2y.net (d46h180.public.uconn.edu [137.99.46.180]) by mx1.FreeBSD.org (Postfix) with SMTP id 4688343D31 for ; Fri, 21 May 2004 12:58:09 -0700 (PDT) (envelope-from sirmoo@cowbert.net) Received: (qmail 57251 invoked by uid 1001); 21 May 2004 19:57:46 -0000 Date: Fri, 21 May 2004 15:57:46 -0400 From: "Peter C. Lai" To: RazorOnFreeBSD Message-ID: <20040521195746.GE46542@cowbert.net> References: <021f01c43f3a$e7eb7f40$0f01a8c0@razor> Mime-Version: 1.0 Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="7LkOrbQMr4cezO2T" Content-Disposition: inline In-Reply-To: <021f01c43f3a$e7eb7f40$0f01a8c0@razor> User-Agent: Mutt/1.5.6i cc: freebsd-security@freebsd.org Subject: Re: Hacked or not ? X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 21 May 2004 19:58:09 -0000 --7LkOrbQMr4cezO2T Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable > ioctl(1,TIOCGETA,0xbfbff534) =3D 0 (0x0) > ioctl(1,TIOCGWINSZ,0xbfbff5a8) =3D 0 (0x0) > getuid() =3D 0 (0x= 0) > readlink("etc/malloc.conf",0xbfbff490,63) ERR#2 'No such file or d= irectory' #SUSPICIOUS > mmap(0x0,4096,0x3,0x1002,-1,0x0) =3D 671666176 (0x2808d000) > break(0x809b000) =3D 0 (0x0) > break(0x809c000) =3D 0 (0x0) > break(0x809d000) =3D 0 (0x0) > break(0x809e000) =3D 0 (0x0) > .........................................................................= =2E.................and so on! Looks normal to me here...not really sure why that is suspicious to you. (it's just trying to load malloc.conf for malloc options). --=20 Peter C. Lai University of Connecticut Dept. of Molecular and Cell Biology Yale University School of Medicine SenseLab | Research Assistant http://cowbert.2y.net/ --7LkOrbQMr4cezO2T Content-Type: application/x-pkcs7-signature Content-Disposition: attachment; filename="smime.p7s" Content-Transfer-Encoding: base64 MIIIlAYJKoZIhvcNAQcCoIIIhTCCCIECAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCC BhgwggLRMIICOqADAgECAgMMH+owDQYJKoZIhvcNAQEEBQAwYjELMAkGA1UEBhMCWkExJTAj BgNVBAoTHFRoYXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNVBAMTI1RoYXd0ZSBQ ZXJzb25hbCBGcmVlbWFpbCBJc3N1aW5nIENBMB4XDTA0MDQxNDA2NDI1N1oXDTA1MDQxNDA2 NDI1N1owRDEfMB0GA1UEAxMWVGhhd3RlIEZyZWVtYWlsIE1lbWJlcjEhMB8GCSqGSIb3DQEJ ARYSc2lybW9vQGNvd2JlcnQubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA xA5u/s2bmcc96AAzAw3xp1rBb3P0JHVzG5XtXTtIgMLZwVQJTQWYSo4bNS0Jl4x6sO7yHxOI B7eJ2eOx2pMPhdW3lLloukuQQI+1x9Ti3W4h0yxAhn867UPR1UWz0xp1PoO4j9wg9N6FZC+m ACdp/o74o/86FaTYlLXPM243VwfRaIQPfRjDGsFIMUga9yDQvWRizxKS0ucm3rtUohizhdtV 2DeXCYOOv1ojOaRpBcukJPXdhYcoOl4qxU/YBtou5n0RJzhggSvMKKJWIwwqF0RacYdGVMst crIlsMq4VTG/i+F+lPX5+ugHWPOZV3Fe17eTJ/BwTKe8Tr4QduA1rwIDAQABoy8wLTAdBgNV HREEFjAUgRJzaXJtb29AY293YmVydC5uZXQwDAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQQF AAOBgQCXEIquVkTtK1C/eWYFUIQP1+JRA2QT5LxBMlrPDfOHGvtMSNbLs7y2YJXur8KFkwCo 4XybEqfcGyyAss2A1gE1BvagvCeAXUqTEbtEklUEGsM1Fh/XS1c2ug/UMonKW54LrgXUGxwy Xjn6LdBSvH/w5/Fw6Yp1juayjvY2l5k46DCCAz8wggKooAMCAQICAQ0wDQYJKoZIhvcNAQEF BQAwgdExCzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNh cGUgVG93bjEaMBgGA1UEChMRVGhhd3RlIENvbnN1bHRpbmcxKDAmBgNVBAsTH0NlcnRpZmlj YXRpb24gU2VydmljZXMgRGl2aXNpb24xJDAiBgNVBAMTG1RoYXd0ZSBQZXJzb25hbCBGcmVl bWFpbCBDQTErMCkGCSqGSIb3DQEJARYccGVyc29uYWwtZnJlZW1haWxAdGhhd3RlLmNvbTAe Fw0wMzA3MTcwMDAwMDBaFw0xMzA3MTYyMzU5NTlaMGIxCzAJBgNVBAYTAlpBMSUwIwYDVQQK ExxUaGF3dGUgQ29uc3VsdGluZyAoUHR5KSBMdGQuMSwwKgYDVQQDEyNUaGF3dGUgUGVyc29u YWwgRnJlZW1haWwgSXNzdWluZyBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAxKY8 VXNV+065yplaHmjAdQRwnd/p/6Me7L3N9VvyGna9fww6YfK/Uc4B1OVQCjDXAmNaLIkVcI7d yfArhVqqP3FWy688Cwfn8R+RNiQqE88r1fOCdz0Dviv+uxg+B79AgAJk16emu59l0cUqVIUP SAR/p7bRPGEEQB5kGXJgt/sCAwEAAaOBlDCBkTASBgNVHRMBAf8ECDAGAQH/AgEAMEMGA1Ud HwQ8MDowOKA2oDSGMmh0dHA6Ly9jcmwudGhhd3RlLmNvbS9UaGF3dGVQZXJzb25hbEZyZWVt YWlsQ0EuY3JsMAsGA1UdDwQEAwIBBjApBgNVHREEIjAgpB4wHDEaMBgGA1UEAxMRUHJpdmF0 ZUxhYmVsMi0xMzgwDQYJKoZIhvcNAQEFBQADgYEASIzRUIPqCy7MDaNmrGcPf6+svsIXoUOW lJ1/TCG4+DYfqi2fNi/A9BxQIJNwPP2t4WFiw9k6GX6EsZkbAMUaC4J0niVQlGLH2ydxVyWN 3amcOY6MIE9lX5Xa9/eH1sYITq726jTlEBpbNU1341YheILcIRk13iSx0x1G/11fZU8xggJE MIICQAIBATBpMGIxCzAJBgNVBAYTAlpBMSUwIwYDVQQKExxUaGF3dGUgQ29uc3VsdGluZyAo UHR5KSBMdGQuMSwwKgYDVQQDEyNUaGF3dGUgUGVyc29uYWwgRnJlZW1haWwgSXNzdWluZyBD QQIDDB/qMAkGBSsOAwIaBQCggbEwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG 9w0BCQUxDxcNMDQwNTIxMTk1NzQ2WjAjBgkqhkiG9w0BCQQxFgQUBmf8obbd1Hl/+eQr1zv7 M3oy3WUwUgYJKoZIhvcNAQkPMUUwQzAKBggqhkiG9w0DBzAOBggqhkiG9w0DAgICAIAwDQYI KoZIhvcNAwICAUAwBwYFKw4DAgcwDQYIKoZIhvcNAwICASgwDQYJKoZIhvcNAQEBBQAEggEA k4/KX7PCsKbpmHEDstehdp0fwXdZy1U+KAaKsgfeAqjSwQ4lzVs32VjxeSePTG+wKQ0TmIqF eMRYTq0JvNStdvQlg0x0+OxL5kBO/3TRZlMpstp/Ymy2jS+zfPlRFOJBSdpEJT7ffLTHBIEO 4+oJJ6wNa1AQa4Y5EqYQqzBYOk6LV4zDNoiAFBR/VO06hQAZt+VNAEiwIVy9Kk/11U9qjME1 LTTAOSTBV6wgZxmlBbj0gflYts19I1VPbR2+VBnTQqBbqMrzOKKCUdMh7zP6ZxjRN/EO8GJY BzL8LyTVw5Jg4uMUWj73ox0ngAB5hdQ0imkTKFkc8Um3CeZ6pINLeQ== --7LkOrbQMr4cezO2T--