From owner-freebsd-questions@FreeBSD.ORG  Thu Mar  4 13:11:12 2004
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 1145016A4CE
	for <freebsd-questions@freebsd.org>;
	Thu,  4 Mar 2004 13:11:12 -0800 (PST)
Received: from fe5.cox-internet.com (fe5-cox.cox-internet.com [66.76.2.50])
	by mx1.FreeBSD.org (Postfix) with ESMTP id AE8D943D39
	for <freebsd-questions@freebsd.org>;
	Thu,  4 Mar 2004 13:11:11 -0800 (PST)
	(envelope-from TYR124840@tyler.net)
Received: from jon ([66.76.250.50]) by fe5.cox-internet.com
	ac98e04b23802b25ff26d48c352bda07)
	with ESMTP id <20040304211109.AKA377.fe5@jon>
	for <freebsd-questions@freebsd.org>;
	Thu, 4 Mar 2004 15:11:09 -0600
To: freebsd-questions@freebsd.org
From: Jonathan Neill <TYR124840@tyler.net>
Organization: Jon
Content-Type: text/plain; format=flowed; charset=iso-8859-15
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Date: Thu, 04 Mar 2004 15:13:15 -0600
Message-ID: <opr4cvwdzgytod5m@smtp.tyler.net>
User-Agent: Opera7.23/Win32 M2 build 3227
Subject: Binary file created in / with same name as root password, seemingly
	sporadically
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 04 Mar 2004 21:11:12 -0000

Apologies if this is a stupid question and I should RTFM, but something on 
my Freebsd-5.1 box is creating a binary file in / with the same name as my 
root password and I was curious as to what exactly this might be. (I 
always SSH into the box on a regular user then su root to do work.)


FreeBSD localhost 5.1-RELEASE FreeBSD 5.1-RELEASE #2: Sun Feb 29 21:36:25 
CST 2004     jon@localhost:/usr/src/sys/i386/compile/jon  i386


/# cat /etc/rc.conf
sshd_enable="YES"
ifconfig_sis0="DHCP"
inetd_enable="NO"
update_motd="NO"
enable_quotas="NO"
hostname="localhost"


/# ps x
   PID  TT  STAT      TIME COMMAND
     0  ??  DLs    0:00.01  (swapper)
     1  ??  ILs    0:00.17 /sbin/init --
     2  ??  DL     0:00.23  (g_event)
     3  ??  DL     0:02.11  (g_up)
     4  ??  DL     0:11.78  (g_down)
     5  ??  IL     0:00.00  (acpi_task0)
     6  ??  IL     0:00.00  (acpi_task1)
     7  ??  IL     0:00.00  (acpi_task2)
     8  ??  DL     0:00.00  (pagedaemon)
     9  ??  DL     0:00.00  (vmdaemon)
    10  ??  DL     0:00.00  (ktrace)
    11  ??  RL    21:24.98  (idle)
    12  ??  WL     0:02.10  (swi1: net)
    13  ??  WL     0:03.77  (swi7: tty:sio clock)
    15  ??  DL     0:00.94  (random)
    18  ??  WL     0:00.00  (swi6: acpitaskq)
    21  ??  WL     2:38.15  (irq14: ata0)
    23  ??  WL     0:02.39  (irq11: sis0)
    24  ??  WL     0:00.00  (irq6: fdc0)
    31  ??  DL     0:20.40  (pagezero)
    32  ??  DL     0:01.18  (bufdaemon)
    33  ??  DL     0:02.34  (syncer)
    34  ??  DL     0:00.02  (vnlru)
    35  ??  IL     0:00.00  (nfsiod 0)
    36  ??  IL     0:00.00  (nfsiod 1)
    37  ??  IL     0:00.00  (nfsiod 2)
    38  ??  IL     0:00.00  (nfsiod 3)
   114  ??  Is     0:00.00 adjkerntz -i
   185  ??  Is     0:00.00 /sbin/dhclient sis0
   237  ??  Is     0:00.02 /usr/sbin/syslogd -s
   365  ??  Is     0:00.22 /usr/sbin/sshd
   385  ??  Ss     0:00.02 /usr/sbin/cron
   401  ??  Is     0:00.00 /usr/local/sbin/smbd -D
   403  ??  Ss     0:00.14 /usr/local/sbin/nmbd -D
   440  ??  Is     0:00.05 sshd: jon [priv] (sshd)
63211  ??  Is     0:00.04 sshd: jon [priv] (sshd)
   445  p0  I      0:00.02 su root
   446  p0  I      0:00.09 _su (csh)
63808  p1  I+     0:00.00  (sh)
63809  p1  I+     0:00.01  (sh)
63216  p2  I      0:00.02 su root
63217  p2  S      0:00.04 _su (csh)
63874  p2  R+     0:00.00 ps x
   436  v1  Is+    0:00.01 /usr/libexec/getty Pc ttyv1
   437  v2  Is+    0:00.01 /usr/libexec/getty Pc ttyv2
   438  v3  Is+    0:00.01 /usr/libexec/getty Pc ttyv3
   439  v4  Is+    0:00.01 /usr/libexec/getty Pc ttyv4
   435 con  Is+    0:00.01 /usr/libexec/getty Pc console