19 messages in ru.sysoev.nginxRe: Compile pronlem with old centosls| From | Sent On | Attachments |
|---|---|---|
| Alejandro Martínez | Jun 15, 2009 7:35 am | |
| Igor Sysoev | Jun 15, 2009 10:46 am | |
| Alejandro Martínez | Jun 15, 2009 12:12 pm | |
| Igor Sysoev | Jun 15, 2009 1:07 pm |  .redhat |
| Denis F. Latypoff | Jun 16, 2009 12:39 am | |
| Igor Sysoev | Jun 16, 2009 12:51 am | |
| Alejandro Martínez | Jun 16, 2009 6:15 am | |
| Igor Sysoev | Jun 16, 2009 6:21 am | |
| Alejandro Martínez | Jun 16, 2009 7:06 am | |
| Igor Sysoev | Jun 16, 2009 7:16 am | |
| Alejandro Martínez | Jun 16, 2009 7:38 am | |
| Igor Sysoev | Jun 16, 2009 7:43 am | |
| Alejandro Martínez | Jun 16, 2009 8:17 am | |
| Alejandro Martínez | Jun 16, 2009 10:41 am | |
| Cliff Wells | Jun 16, 2009 11:03 am | |
| Alejandro Martínez | Jun 16, 2009 11:57 am | |
| Cliff Wells | Jun 16, 2009 12:34 pm | |
| Alejandro Martínez | Jun 16, 2009 1:21 pm | |
| Cliff Wells | Jun 16, 2009 2:56 pm |
| Subject: | Re: Compile pronlem with old centosls | |
|---|---|---|
| From: | Cliff Wells (cli...@develix.com) | |
| Date: | Jun 16, 2009 12:34:47 pm | |
| List: | ru.sysoev.nginx | |
On Tue, 2009-06-16 at 20:58 +0200, Alejandro Martínez wrote:
Cliff Wells wrote:
On Tue, 2009-06-16 at 17:18 +0200, Alejandro Martínez wrote:
i have a perl script in /usr/include/linux/limits.h
Have you inspected this script? I'd be concerned that this system might be compromised.
Regards, Cliff
this is what it had:
[root@s164 nginx-0.8.1]# cat /usr/include/linux/limits.h #!/usr/bin/perl
# Copyright (C) 2003 Simon Josefsson
# This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2, or (at your option) # any later version.
# This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details.
# You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA # 02111-1307, USA.
# I consider the output of this program to be unrestricted. Use it as # you will.
while (<>) { s, \* @(.*):, * \\param $1,g; print $_; } ct/gobject-Type-Information.html#g-type-init-with-debug-flags"> <ANCHOR id="g-type-name" href="gobject/gobject-Type-Information.html#g-type-name"> <ANCHOR id="g-type-qname" href="gobject/gobject-Type-Information.html#g-type-qname"> <ANCHOR id="g-type-from-name" href="gobject/gobject-Type-Information.html#g-type-from-name"> <ANCHOR id="g-type-parent" href="gobject/gobject-Type-Information.html#g-type-parent"> <ANCHOR id="g-type-depth" href="gobject/gobject-Type-Information.html#g-type-depth"> <ANCHOR id="g-type-next-base" href="gobject/gobject-Type-Information.html#g-type-next-base"> <ANCHOR id="g-type-is-a" href="gobject/gobject-Type-Information.html#g-type-is-a"> <ANCHOR id="g-type-class-ref" href="gobject/gobject-Type-Information.html#g-type-class-ref"> <ANCHOR id="g-type-class-peek" href="gobject/gobject-Type-Information.html#g-type-class-peek"> <ANCHOR id="g-type-class-peek-static" href="gobject/gobject-Type-Information.html#g-type-class-peek-static"> <ANCHOR id="g-type-class-unref" href="gobject/gobject-Type-Information.html#g-type-class-unref"> <ANCHOR id="g-type-class-peek-parent" href="gobject/gobject-Type-Information.html#g-type-class-peek-parent"> <ANCHOR id="g-type-class-add-private" href="gobject/gobject-Type-Information.html#g-type-class-add-private"> <ANCHOR id="g-type-interface-peek" href="gobject/gobject-Type-Information.html#g-type-interface-peek"> <ANCHOR id="g-type-interface-peek-parent" href="gobject/gobject-Type-Information.html#g-type-interface-peek-parent"> <ANCHOR id="g-type-default-interface-ref" href="gobject/gobject-Type-Information.html#g-type-default-interface-ref"> <ANCHOR id="g-type-default-interface-peek" href="gobject/gobject-Type-Information.html#g-type-default-interface-peek"> <ANCHOR id="g-type-default-interface-unref" href="gobject/gobject-Type-Information.html#g-type-default-interface-unref"> <ANCHOR id="g-type-children" href="gobject/gobject-Type-Information.html#g-type-children"> <ANCHOR id="g-type-interfaces" href="gobject/gobject-Type-Information.html#g-type-interfaces"> <ANCHOR id="g-type-interface-prerequisites" href="gobject/gobject-Type-Information.html#g-type-interface-prerequisites"> <ANCHOR id="g-type-set-qdata" href="gobject/gobject-Type-Information.html#g-type-set-qdata"> <ANCHOR id="g-type-get-qdata" href="gobject/gobject-Type-Information.html#g-type-get-qdata"> <ANCHOR id="g-type-query" href="gobject/gobject-Type-Information.html#g-type-query"> <ANCHOR id="GTypeQuery" href="gobject/gobject-Type-Information.html#GTypeQuery"> <ANCHOR id="GBaseInitFunc" href="gobject/gobject-Type-Information.html#GBaseInitFunc"> <ANCHOR id="GBaseFinalizeFunc" href="gobject/gobject-Type-Information.html#GBaseFinalizeFunc"> <ANCHOR id="GClassInitFunc" href="gobject/gobject-Type-Information.html#GClassInitFunc"> <ANCHOR id="GClassFinalizeFunc" href="gobject/gobject-Type-Information.html#GClassFinalizeFunc"> <ANCHOR id="GInstanceInitFunc" href="gobject/gobject-Type-Information.html#GInstanceInitFunc"> <ANCHOR id="GInterfaceInitFunc" href="gobject/gobject-Type-Information.html#GInterfaceInitFunc"> <ANCHOR id="GInterfaceFinalizeFunc" href="gobject/gobject-Type-Information.html#GInterfaceFinalizeFunc"> <ANCHOR id="GTypeClassCacheFunc" href="gobject/gobject-Type-Information.html#GTypeClassCacheFunc"> <ANCHOR id="GTypeFlags" href="gobject/gobject-Type-Information.html#GTypeFlags"> <ANCHOR id="GTypeFundamentalFlags" href="gobject/gobject-Type-Information.html#GTypeFundamentalFlags"> <ANCHOR id="g-type-register-static" href="gobject/gobject-Type-Information.html#g-type-register-static"> <ANCHOR id="g-type-register-dynamic" href="gobject/gobject-Type-Information.html#g-type-register-dynamic"> <ANCHOR id="g-type-register-fundamental" href="gobject/gobject-Type-Information.html#g-type-register-fundamental"> <ANCHOR id="g-type-add-interface-static" href="gobject/gobject-Type-Information.html#g-type-add-interface-static"> <ANCHOR id="g-type-add-interface-dynamic" href="gobject/gobject-Type-Information.html#g-type-add-interface-dynamic"> ....... ad infinitum.
This doesn't look like it would actually do anything (it ceases to be valid Perl syntax after the first closing brace, and the Perl itself doesn't do much either).
It's possible someone with root just fat-fingered it and overwrote that file with junk.
Another possibility is you've got filesystem corruption and/or cross-linked files (which is what it looks like to me). At the very least I'd fsck this box, check your logs for unusual errors and run memtest86 on it overnight (bad RAM = corrupt FS).
If everything comes back clean, then I'd still consider reinstalling *all* the existing packages, followed by checking for .rpmnew packages anywhere except /etc (rpm won't usually overwrite changed files).
In any case, I'd seriously hesitate to put this system into production in its current state. Is there some reason you don't wipe it and reinstall (maybe even a newer version of CentOS?).
Cliff