| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <87abj3nibc.fsf@duaron.myhome.or.jp> Date: Wed, 07 May 2008 08:06:47 +0900 From: OGAWA Hirofumi <hirofumi@...l.parknet.co.jp> To: Willy Tarreau <w@....eu> Cc: Jan Engelhardt <jengelh@...ozas.de>, linux-kernel@...r.kernel.org, linux-mm@...ck.org Subject: Re: bad pmd ffff810000207808(9090909090909090). Willy Tarreau <w@....eu> writes: >> I see. I'm not sure, but I didn't notice this soon, maybe it worked as >> almost usual. > > I got immediate same feeling as Jan here. It looks very much like someone > has tried to inject code into your system. The problem is that you don't > know if this finally succeeded. Maybe some backdoor is now installed in > your kernel. If I were you, I would isolate the machine, reboot it on CD > and check MD5s (particularly the ones of the kernel and modules) before > rebooting it. Hm.. I've checked md5sum as far as I can do (/var/lib/dpkg/info/*.md5sums). It seems to have no difference except data files. And this machine is in back of firewall of other machine, and the kernel is builded from source each every day or a hour or such. So, it is unlikely... Thanks. -- OGAWA Hirofumi <hirofumi@...l.parknet.co.jp> -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists