From owner-freebsd-questions Wed Apr 16 12:51:22 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id MAA19097 for questions-outgoing; Wed, 16 Apr 1997 12:51:22 -0700 (PDT) Received: from xmission.xmission.com (softweyr@xmission.xmission.com [198.60.22.2]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id MAA19092 for ; Wed, 16 Apr 1997 12:51:19 -0700 (PDT) Received: (from softweyr@localhost) by xmission.xmission.com (8.8.5/8.7.5) id NAA12651; Wed, 16 Apr 1997 13:50:15 -0600 (MDT) From: Wes Peters - Softweyr LLC Message-Id: <199704161950.NAA12651@xmission.xmission.com> Subject: Re: 'b' Files To: neil@corpex.com (Neil) Date: Wed, 16 Apr 1997 13:50:14 -0600 (MDT) Cc: questions@freebsd.org In-Reply-To: from "Neil" at Apr 16, 97 06:13:06 pm X-Mailer: ELM [version 2.4 PL25] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-questions@freebsd.org X-Loop: FreeBSD.org Precedence: bulk Neil Fowler Wright asked: > We recently had a disk crash, and certasin 'b' and 'c' type nonesense > files have been created. > How can we delete them? > > eg. > > b--sr-srwt 1 10 wheel 32, 538968096 May 5 16:53 1929 This is a block-special device, like a disk drive. Just rm -f 1929 in that directory. You may want to check /dev and make sure the crash didn't ruin things there as well. Also, if this appeared in a directory that is writable by users on your system, you may have uncovered a hacking attempt. For instance, if you find an entry in a users directory that looks like: crw-r----- 1 user group 2, 1 Jun 13 22:17 foo this 'user' now has the ability to snoop at kernel memory at will, and can crash the system at will (device 2,1 is the kernel memory pseudo-device). -- "Where am I, and what am I doing in this handbasket?" Wes Peters Softweyr LLC http://www.xmission.com/~softweyr softweyr@xmission.com