> > > > A file, let's say, /path/to/a/file, is being modified by > > > > an unknown process P(u) at random times. Unfortunately, > > > > the name of the program ran by P(u) is unknown. > Not a lock as such, but: > > # chflags schg /path/to/a/file > > should achieve the effect you desire. Although this will cause any > write on the file to just fail, rather than causing P(u) to block > waiting for a lock. You could try replacing /path/to/a/file with a > fifo (see mkfifo(1)), and maybe hang another process on the other end > of the fifo which can run ps(1) or fstat(1) when a write is detected.
Interesting, but the results were not conclusive. I've finally found the culprit with a traditional method: * md5 (binary from an uncompromised machine) on all files * reinstalling from scratch (not buildworld, but really installing from FTP) * md5 again and diff. /bin/sh and cvsup (!!) were compromised on that machine. The malicious code was in /usr/src/bin/sh/exec.c:shellexec() Additionally, cvsup (and perhaps other programs) must have been corrupt too, because code in /usr/src/bin/sh was never updated. Ugh... system clean again at last. :) Thank you for all your help! -- Cordula's Web. http://www.cordula.ws/ _______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"