error with man
Jason Stephenson
jason at sigio.com
Mon Feb 24 11:53:03 EST 2003
If you consider having KDE and artsd installed on your machine as being
compromised, then yes. :-)

This script doesn't appear to be part of any root kit that I've ever
seen, and I've dealt with cleaning up many compromised boxes.

The real question is why a wrapper script for gunzip was installed. I
have no idea why gunzip would need to be a wrapper for artsd, since
artsd deals with sound. That's a question for the artsd developers, and
I never was on that mailing list.

It's possible this could be the result of filesystem corruption,
possibly the result of a crash or something else. It's still possible
your machine was compromised, but this script doesn't show any
indication of that.

Karthik Vishwanath wrote:
> On Mon, 24 Feb 2003, mike ledoux wrote:
>
>
>>-----BEGIN PGP SIGNED MESSAGE-----
>>Hash: SHA1
>>
>>Please don't top post.
>>
>>On Mon, Feb 24, 2003 at 12:03:52AM -0500, Karthik Vishwanath wrote:
>>
>>>It's gunzip. The /etc/man.config had a line that read:
>>>
>>>.gz /usr/bin/gunzip -c
>>>changing that to
>>>.gz /bin/gunzip -c,
>>>solved the error. /usr/bin/gunzip was a bash script, while /bin/gunzip was
>>>an executable. Why does this distinction exist?
>>
>>That's strange. /usr/bin/gunzip should just be a symlink to /bin/gunzip.
>>What are the contents of /usr/bin/gunzip? Is it possible that this
>>machine has been compromised?
>>
>
>
>
> Can I verify if the machine's compromised? Have attached the script of
> /usr/bin/gunzip to this email (if that's not protocol, apologies).
>
>
> Thanks,
>
>
> ------------------------------------------------------------------------
>
> #!/bin/sh
> # artsdsp - wrapper script to allow *some* binary only programs to use artsd
> # based on the esddsp script
>
> # keep this in sync with artsversion.h
> version="1.0.0"
>
> # default values for script variables
> verbose=0
> set_name=0
> single_thread=0
>
> # check for artsdsp options
> while test $# -gt 0; do
>
> case "$1" in
>
> -h|--help)
> echo "artsdsp - attempt to reroute audio device to artsd"
> echo " "
> echo "artsdsp [options] application arguments"
> echo " "
> echo "options:"
> echo "-h, --help show brief help"
> echo "-n, --name=NAME use name to identify player to artsd"
> echo "-m, --mmap emulate memory mapping (i.e. for quake)"
> echo "-s, --single-threaded use the single-threaded version"
> echo "-v, --verbose show parameters"
> echo "-V, --version show version"
> exit 0
> ;;
>
> -n)
> shift
> if test $# -gt 0; then
> export ARTSDSP_NAME=$1
> else
> echo "no player name specified"
> exit 1
> fi
> shift
> set_name=1
> ;;
>
> --name*)
> export ARTSDSP_NAME=`echo $1 | sed -e 's/^[^=]*=//g'`
> set_name=1
> shift
> ;;
>
> -v|--verbose)
> verbose=1
> shift
> ;;
>
> -V|--version)
> echo "artsdsp $version"
> exit
> ;;
>
> -m|--mmap)
> export ARTSDSP_MMAP=1
> shift
> ;;
>
> -s|--single-threaded)
> single_thread=1
> shift
> ;;
>
> *)
> # no more artsdsp options, get on with life
> break
> ;;
> esac
> done
>
> # echo options if verbose specified
> if test "$verbose" = 1; then
> ARTSDSP_VERBOSE=1
> export ARTSDSP_VERBOSE
> echo "artsdsp: $version"
> echo "name: $ARTSDSP_NAME"
> echo "command line: $@"
> if test "$single_thread" = 1; then
> echo "threaded: no"
> else
> echo "threaded: yes"
> fi
> fi
>
> # setup artsdsp preload to hijack calls made to /dev/dsp
> prefix=/usr
> exec_prefix=${prefix}
> libdir=${exec_prefix}/lib
>
> if test "$single_thread" = 1; then
> LD_PRELOAD=${libdir}/libartsdsp_st.so.0
> else
> LD_PRELOAD=${libdir}/libartsdsp.so.0:${libdir}/libartsc.so.0
> fi
> if test -f /lib/libdl.so.2; then
> LD_PRELOAD=$LD_PRELOAD:/lib/libdl.so.2
> fi
> export LD_PRELOAD
>
> # invoke the program with the args given
> exec "$@"
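
An added example, not part of the original thread: a small POSIX shell triage of the situation discussed above, where /usr/bin/gunzip turned out to be a script instead of a link to /bin/gunzip. The function names and the sample tree are constructed for illustration, and the wrapper in the sample is shortened from the script quoted above.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Say what a command path really is: symlink, ELF binary, script, or other.
classify_cmd() {
    if [ -L "$1" ]; then echo "symlink:$(readlink "$1")"; return; fi
    [ -f "$1" ] || { echo "missing"; return; }
    # First bytes in hex: 7f454c46 is the ELF magic, 2321 is "#!".
    case "$(head -c 4 "$1" | od -An -tx1 | tr -d ' \n')" in
        7f454c46*) echo "elf" ;;
        2321*)     echo "script" ;;
        *)         echo "other" ;;
    esac
}

# Compare a /usr/bin entry with the /bin program it should resolve to.
compare_cmd() {
    if cmp -s "$1" "$2"; then echo "same"; return; fi
    echo "differs: $1 is $(classify_cmd "$1"), $2 is $(classify_cmd "$2")"
}

# For a script, list the lines that identify it or set LD_PRELOAD.
script_clues() {
    grep -n -e '^# .* - ' -e 'LD_PRELOAD=' "$1"
}

# Constructed sample tree: a stand-in ELF file, a correct symlink, and a
# wrapper script shortened from the one quoted in the thread.
make_sample() {
    d=$(mktemp -d) && mkdir -p "$d/bin" "$d/usr/bin" || return 1
    printf '\177ELF-constructed-stand-in\n' > "$d/bin/gunzip"
    ln -s ../../bin/gunzip "$d/usr/bin/gunzip.good"
    cat > "$d/usr/bin/gunzip" <<'EOF'
#!/bin/sh
# artsdsp - wrapper script to allow *some* binary only programs to use artsd
LD_PRELOAD=/usr/lib/libartsdsp.so.0:/usr/lib/libartsc.so.0
export LD_PRELOAD
exec "$@"
EOF
    echo "$d"
}

if [ "${1:-}" = "demo" ]; then
    d=$(make_sample)
    compare_cmd "$d/usr/bin/gunzip.good" "$d/bin/gunzip"
    compare_cmd "$d/usr/bin/gunzip" "$d/bin/gunzip"
    script_clues "$d/usr/bin/gunzip"
    rm -rf "$d"
fi
```

Run with the argument `demo` to see the output on the constructed tree; on a real system, pass the two paths to `compare_cmd` and then ask the package manager which package owns the unexpected file.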