Re: LKM Trojan installed
From: Brian Hatch (focus-linux@ifokr.org)
Date: 02/18/03
- Previous message: Felix Cuello: "entropy + openSSL question"
- In reply to: Nick Austin: "Re: LKM Trojan installed"
- Next in thread: Chris Rouch: "Re: LKM Trojan installed"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 18 Feb 2003 14:30:46 -0800 From: Brian Hatch <focus-linux@ifokr.org> To: Nick Austin <nick@digitalpipe.net>
> On Wed, 12 Feb 2003, Rivanor P. Soares wrote:
>
> > 5) And, is this *normal* ?
> > [root@localhost /]# lsattr -d /proc/
> > lsattr: Inappropriate ioctl for device While reading flags on /proc/
>
> Yes, this is normal. I see the same thing on my box.
lsattr lists filesystem extended attributes. These attributes
are only possible on ext2 and ext3 filesystems. They do not work
on reiserfs, xfs, jfs, fat32, ntfs, etc etc etc, and they also
do not work on virtual filesystems like /proc.
/proc is not a real filesystem, the files you see there are being
presented by the kernel as a way to view (and in some cases set)
kernel parameters. These are not real files, which is why you
see bogus file sizes when doing an 'ls -l' for example. They
are simply hooks into the information the kernel wants to make
available. Normal file permissions (root-write for modifiable
settings, user-write for /proc/$PID, and world read only for
the rest) are all you have available, no extended attributes in
/proc.
-- Brian Hatch "It is not my day for Systems and talking seriously. I Security Engineer only talk seriously http://www.ifokr.org/bri/ on the first tuesday of the month." Every message PGP signed
- application/pgp-signature attachment: stored
- Next message: Seth Arnold: "Re: entropy + openSSL question"
- Previous message: Felix Cuello: "entropy + openSSL question"
- In reply to: Nick Austin: "Re: LKM Trojan installed"
- Next in thread: Chris Rouch: "Re: LKM Trojan installed"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
