| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20070924182125.GN11455@redhat.com> Date: Mon, 24 Sep 2007 14:21:26 -0400 From: Dave Jones <davej@...hat.com> To: David Newall <david@...idnewall.com> Cc: Antoine Martin <antoine@...afix.co.uk>, tytso@...nk.org, Linux Kernel Development <linux-kernel@...r.kernel.org> Subject: Re: bug in fsck or ext2/ext3? On Tue, Sep 25, 2007 at 03:46:25AM +0930, David Newall wrote: > Dave Jones wrote: > > On Mon, Sep 24, 2007 at 05:56:39PM +0100, Antoine Martin wrote: > > > > > # rm -fr tmp/chroot.broken > > > rm: cannot remove directory (...) > > > Same result when trying to do anything to those files chown/chmod/touch: > > > "Operation not permitted" > > > > Various files in the directories it complains about have their 'i' > > bit set. lsattr will show you. chattr -i those files, and the > > directory is removable again. > > Additionally, this is a classic symptom of malware. A directory named > "..." is a big hint. That was "..." as in "more stuff follows" rather than the actual name being reported. Dave -- http://www.codemonkey.org.uk - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists