[ILUG] Grep is segfaulting...

Paul Kelly :: Blacknight Solutions paul at blacknight.ie
Fri Dec 3 14:06:35 GMT 2004 

John,

I've seen recent activity similar to this, it was a unix Virus.

It infected several key system files on the OS and when root ran any of
these, every executeable file in roots path was infected.

You should probably get a copy of f-prot or panda AV, clam onto the
system and scan it.

Just be carefull what you run as root.

Paul

> -----Original Message-----
> From: ilug-bounces at linux.ie [mailto:ilug-bounces at linux.ie] On 
> Behalf Of John Allman
> Sent: 03 December 2004 13:31
> To: ilug at linux.ie
> Subject: [ILUG] Grep is segfaulting...
> 
> 
> I'm worried this may be indicative of a more serious problem. 
> The system 
> is running debian stable and every time i run grep it segfaults.
> 
> I made a file called /tmp/break with the following contents:
> 
> bork
> bork
> bork
> 
> the following is the output of strace grep bork /tmp/break:
> 
> execve("/bin/grep", ["grep", "bork", "/tmp/break"], [/* 14 
> vars */]) = 0 uname({sys="Linux", node="mail", ...})  = 0
> brk(0)                                  = 0x80548f4
> open("/etc/ld.so.preload", O_RDONLY)    = -1 ENOENT (No such file or 
> directory)
> open("/etc/ld.so.cache", O_RDONLY)      = 3
> fstat64(3, {st_mode=S_IFREG|0644, st_size=8366, ...}) = 0 
> old_mmap(NULL, 8366, PROT_READ, MAP_PRIVATE, 3, 0) = 0x40014000
> close(3)                                = 0
> open("/lib/libc.so.6", O_RDONLY)        = 3
> read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\30\222"..., 
> 1024) = 1024
> fstat64(3, {st_mode=S_IFREG|0755, st_size=1153784, ...}) = 0 
> old_mmap(NULL, 1166560, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 
> 0) = 0x40017000 mprotect(0x4012a000, 40160, PROT_NONE)  = 0 
> old_mmap(0x4012a000, 24576, PROT_READ|PROT_WRITE, 
> MAP_PRIVATE|MAP_FIXED, 
> 3, 0x113000) = 0x4012a000
> old_mmap(0x40130000, 15584, PROT_READ|PROT_WRITE, 
> MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x40130000
> close(3)                                = 0
> munmap(0x40014000, 8366)                = 0
> brk(0)                                  = 0x80548f4
> brk(0x805491c)                          = 0x805491c
> brk(0x8055000)                          = 0x8055000
> --- SIGSEGV (Segmentation fault) ---
> +++ killed by SIGSEGV +++
> 
> I really am at a loss as to what is happening. I would appreciate any 
> suggestions to find out more information or any advice on the 
> matter as 
> when something as essential as grep breaks i get twitchy about a 
> horrible crash in the near future.
> 
> Thanks
> 
> John
> -- 
> Irish Linux Users' Group http://www.linux.ie/mailman/listinfo/ilug/
> 
> 
> -- 
> Email scanned by Blacknight for viruses and dangerous 
> content. Visit http://www.blacknight.ie for more information
> 


-- 
Email scanned by Blacknight for viruses and dangerous content.
Visit http://www.blacknight.ie for more information

More information about the ILUG mailing list