Date: Fri, 7 Jun 1996 14:48:47 -0400 (EDT) From: Kevin Martin <sigma@pair.com> To: freebsd-bugs@freebsd.org Subject: Randomly modified executables... Message-ID: <199606071848.OAA09748@pair>
next in thread | raw e-mail | index | archive | help
I'm experiencing such a strange problem, I hardly know where to begin. I have an ASUS P55TP4XEG, Pentium 120Mhz, 64Mb 60ns FPM RAM, Buslogic 946, external 4.3Gb Conner SCSI-II drive, SMC EtherPower NIC. The system is virtually identical to another system that runs with no troubles whatsoever. However, executables occasionally come up as slightly modified on the new system. Typically, only one byte changes. These are files that should never be written to, reflect no timestamp changes, and don't seem to have been modified with malice in mind. Sometimes the change has no effect, sometimes it results in various crashes. I've set up a monitoring program to report any diffs on cksum's of every program and library on the system. Some days nothing changes, other days a couple of files will change. I usually reload those files from the other system and continue. In one case, cksum reported a file as different, but it was OK immediately afterwards. Most of the changes have occurred under extremely light load, in some cases with only one user logged in. There is no evidence of foul play. The files so far affected have been: /usr/local/lib/libc-client.so.2.2 /usr/sbin/inetd /bin/csh /usr/libexec/telnetd They sound like targets for a hacker, but as I said, single-byte changes have resulted in the following effects: libc-client - vi could no longer redraw the screen inetd - inetd would randomly dump core csh - hitting Escape for command completion would dump core telnetd - telnetd would not execute at all The symptoms, combined with the case in which cksum came up with a wrong answer, seem to indicate some sort of "flaky" problem, either with memory or the disk controller or the drive itself. However, I really can't see why any part of these programs would ever be written to disk. In any case, I'm seeking advice or ideas. I once heard of someone with a similar problem on the FreeBSD lists, but I've been unable to track down a reference. Thanks, Kevin Martin sigma@pair.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199606071848.OAA09748>