From owner-freebsd-questions  Fri Jun 19 06:33:02 1998
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id GAA12144
          for freebsd-questions-outgoing; Fri, 19 Jun 1998 06:33:02 -0700 (PDT)
          (envelope-from owner-freebsd-questions@FreeBSD.ORG)
Received: from mailhub.scl.ameslab.gov (mailhub.scl.ameslab.gov [147.155.137.127])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id GAA12111;
          Fri, 19 Jun 1998 06:32:49 -0700 (PDT)
          (envelope-from ghelmer@scl.ameslab.gov)
Received: from demios.ether.scl.ameslab.gov ([147.155.137.54] helo=demios.scl.ameslab.gov)
	by mailhub.scl.ameslab.gov with smtp (Exim 1.90 #1)
	id 0yn1GS-0002yl-00; Fri, 19 Jun 1998 08:31:36 -0500
Date: Fri, 19 Jun 1998 08:32:33 -0500 (CDT)
From: Guy Helmer <ghelmer@scl.ameslab.gov>
To: "Vladimir N. Kovalev" <smith@scn.ru>
cc: freebsd-questions@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
Subject: Re: Is this a trojan horse ?
In-Reply-To: <3589FB60.B373D5F7@scn.ru>
Message-ID: <Pine.SGI.3.96.980619082506.2060C-100000@demios.scl.ameslab.gov>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Fri, 19 Jun 1998, Vladimir N. Kovalev wrote:

> Yesterday, I installed a 2.2-980607-SNAP.
> Today, I run "mtree -p / -f bin.mtree -e -K md5digest >/root/tmp/qqmtree 2>&1 &"
> and see:
> ....
> sbin/init:
>       size (204800, 208896)
>       MD5 (758865f0a57ff876be1182835ec29c10, 0407733ab6f2913bca0c0d77ca5a37f6)
>  ....
> 
> Please, tell me why this is happen ?
> Is this a trojan horse ?

It is probably not a trojan horse.  Did you install the "des" package
during your installation?  If so, /sbin/init will be different than the
/sbin/init in the "bin" distribution due to the inclusion of the des
password encoding routines in its executable.  /sbin/init is one of the
files replaced by the "des" distribution -- check it against the des.mtree
file. 

Guy Helmer

Guy Helmer, Graduate Student, Iowa State University Dept. of Computer Science 
Research Assistant, Ames Laboratory       ---         ghelmer@scl.ameslab.gov
http://www.cs.iastate.edu/~ghelmer


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message