- i386 snapshots Dec 10

Adam Wolk Wed, 24 Dec 2014 05:57:07 -0800

Hi all,

I was doing a cursory look around my i386 laptop installation of OpenBSD
snapshot from Dec 10 obtained from ftp://ftp.icm.edu.pl/ and noticed an
unusual executable /bin/[


It has the same timestamp as all other binaries installed with the Dec
10 snapshot.
Does anyone know if this is normal and what this binary does or where it
could came from?

$ file /bin/\[                                                           
/bin/[: ELF 32-bit LSB executable, Intel 80386, version 1, for OpenBSD,
statically linked, stripped
$ 

$ sha256 /bin/\[ 
SHA256 (/bin/[) =
c7e1d47560e8d43f3430c2b7a83d92e9df2fc8d60102115b2544b72444d806d5

$ ls -l /bin            
total 16544
-r-xr-xr-x  2 root  bin   95028 Dec 10 14:57 [
-r-xr-xr-x  1 root  bin  103220 Dec 10 14:57 cat
-r-xr-xr-x  3 root  bin  242484 Dec 10 14:57 chgrp
-r-xr-xr-x  1 root  bin  111412 Dec 10 14:57 chio
-r-xr-xr-x  3 root  bin  242484 Dec 10 14:57 chmod
-r-xr-xr-x  5 root  bin  144180 Dec 10 14:57 cksum
-r-xr-xr-x  1 root  bin  119604 Dec 10 14:57 cp
-r-xr-xr-x  3 root  bin  348980 Dec 10 14:57 cpio
-r-xr-xr-x  1 root  bin  373556 Dec 10 14:57 csh
-r-xr-xr-x  1 root  bin  131892 Dec 10 14:57 date
-r-xr-xr-x  1 root  bin  103220 Dec 10 14:57 dd
-r-xr-xr-x  1 root  bin  107316 Dec 10 14:57 df
-r-xr-xr-x  1 root  bin   90932 Dec 10 14:57 domainname
-r-xr-xr-x  1 root  bin   86836 Dec 10 14:57 echo
-r-xr-xr-x  1 root  bin  168756 Dec 10 14:57 ed
-r-xr-xr-x  2 root  bin  271156 Dec 10 14:57 eject
-r-xr-xr-x  1 root  bin  131892 Dec 10 14:57 expr
-r-xr-xr-x  1 root  bin   90932 Dec 10 14:57 hostname
-r-xr-xr-x  1 root  bin   95028 Dec 10 14:57 kill
-r-xr-xr-x  3 root  bin  418612 Dec 10 14:57 ksh
-r-xr-xr-x  1 root  bin   95028 Dec 10 14:57 ln
-r-xr-xr-x  1 root  bin  238388 Dec 10 14:57 ls
-r-xr-xr-x  5 root  bin  144180 Dec 10 14:57 md5
-r-xr-xr-x  1 root  bin  103220 Dec 10 14:57 mkdir
-r-xr-xr-x  2 root  bin  271156 Dec 10 14:57 mt
-r-xr-xr-x  1 root  bin  226100 Dec 10 14:57 mv
-r-xr-xr-x  3 root  bin  348980 Dec 10 14:57 pax
-r-xr-xr-x  1 root  bin  262964 Dec 10 14:57 ps
-r-xr-xr-x  1 root  bin   90932 Dec 10 14:57 pwd
-r-xr-xr-x  3 root  bin  418612 Dec 10 14:57 rksh
-r-xr-xr-x  1 root  bin  238388 Dec 10 14:57 rm
-r-xr-xr-x  1 root  bin   99124 Dec 10 14:57 rmdir
-r-xr-xr-x  3 root  bin  418612 Dec 10 14:57 sh
-r-xr-xr-x  5 root  bin  144180 Dec 10 14:57 sha1
-r-xr-xr-x  5 root  bin  144180 Dec 10 14:57 sha256
-r-xr-xr-x  5 root  bin  144180 Dec 10 14:57 sha512
-r-xr-xr-x  1 root  bin   99124 Dec 10 14:57 sleep
-r-xr-xr-x  1 root  bin  140084 Dec 10 14:57 stty
-r-xr-xr-x  1 root  bin   86836 Dec 10 14:57 sync
-r-xr-xr-x  1 root  bin  410420 Dec 10 14:58 systrace
-r-xr-xr-x  3 root  bin  348980 Dec 10 14:57 tar
-r-xr-xr-x  2 root  bin   95028 Dec 10 14:57 test
 

$ strings /bin/\[
QRP1
[^_]
 [^]
[^_]
|Z;U
|[^_]
<[^_]
<[^_]
[^_]
tB<%u
x       ;u
[^_]
,[^_]
,[^_]
,[^_]
[^_]
,[^_]
[^_]
uT@B
uH@B
u<@B
u0@B
u$@B
[^_]
<[^_]
[^_]
[^_]
[^_]
t\<0
gfff
[^_]
[^_]
[^_]
[^_]
\[^_]
[^_]
l[^_]
$^_]
[^_]
<[^_]
P^_]
P^_]
0^_]
`^_]
L[^_]
,[^_]
[^_]
[^_]
[^_]
[^_]
[^_]
[^_]
,[^_]
,[^_]
,[^_]
<[^_]
t2)u
<[^_]
v69u
[^_]
9G(u
,[^_]
,[^_]
,[^_]
0[^]
[^_]
,[^_]
[^_]
[^_]
L[^_]
<<<w
|[^_]
L[^_]
L[^_]
L[^_]
L[^_]
[^_]
,[^_]
f       DV
,[^_]
,[^_]
[^_]
[^_]
f1|H
f       DQ
[^_]
[^_]
[^_]
<[^_]
[^_]
P[^_]
[^_]
\[^_]
,[^_]
<[^_]
<[^_]
%s: %s
%s: out of range
%s: bad number
argument expected
closing paren expected
missing ]
unknown operand
getn
binop
nexpr
_errx
%s: 
fprintf
__stack_smash_handler
stack overflow in function %s
syslog_r
__vsyslog_r
<%d>
[%ld]
Error %d
/dev/console
syslog%s: unknown facility/priority: %x
libc
Unknown signal: 
Unknown error: 
load_msgcat
_catopen
NLSPATH
LC_ALL
LC_MESSAGES
LANG
POSIX
/usr/share/nls/%L/%N.cat:/usr/share/nls/%l.%c/%N.cat:/usr/share/nls/%l/%N.cat
Undefined error: 0
Operation not permitted
No such file or directory
No such process
Interrupted system call
Input/output error
Device not configured
Argument list too long
Exec format error
Bad file descriptor
No child processes
Resource deadlock avoided
Cannot allocate memory
Permission denied
Bad address
Block device required
Device busy
File exists
Cross-device link
Not a directory
Is a directory
Invalid argument
Too many open files in system
Too many open files
Text file busy
File too large
No space left on device
Illegal seek
Read-only file system
Too many links
Broken pipe
Result too large
Operation now in progress
Operation already in progress
Destination address required
Message too long
Protocol not available
Protocol not supported
Socket type not supported
Operation not supported
Protocol family not supported
Address already in use
Network is down
Network is unreachable
Connection reset by peer
No buffer space available
Socket is already connected
Socket is not connected
Operation timed out
Connection refused
File name too long
Host is down
No route to host
Directory not empty
Too many processes
Too many users
Disk quota exceeded
Stale NFS file handle
RPC struct is bad
RPC version wrong
RPC prog. not avail
Program version wrong
Bad procedure for program
No locks available
Function not implemented
Authentication error
Need authenticator
IPsec processing failure
Attribute not found
Illegal byte sequence
No medium found
Wrong medium type
Operation canceled
Identifier removed
No message of desired type
Not supported
Operation not supported by device
Inappropriate ioctl for device
Numerical argument out of domain
Resource temporarily unavailable
Socket operation on non-socket
Protocol wrong type for socket
Address family not supported by protocol family
Can't assign requested address
Network dropped connection on reset
Software caused connection abort
Can't send after socket shutdown
Too many references: can't splice
Too many levels of symbolic links
Too many levels of remote in path
Inappropriate file type or format
Value too large to be stored in data type
Signal 0
Hangup
Interrupt
Quit
Illegal instruction
Trace/BPT trap
Abort trap
EMT trap
Floating point exception
Killed
Bus error
Segmentation fault
Bad system call
Alarm clock
Terminated
Urgent I/O condition
Suspended (signal)
Suspended
Continued
Child exited
Stopped (tty input)
Stopped (tty output)
I/O possible
Cputime limit exceeded
Filesize limit exceeded
Virtual timer expired
Profiling timer expired
Window size changes
Information request
User defined signal 1
User defined signal 2
Thread AST
vsnprintf
         (((((                  
AAAAAA
BBBBBB
getenv
snprintf
__find_arguments
__vfprintf
0123456789ABCDEF0123456789abcdefnan
(null)
bug in vfprintf: bad base
__dtoa
Infinity
?aCoc
`__ldtoa
__gdtoa
<2ZGU
?__trailz_D2A
__b2d_D2A
__d2b_D2A
O8M2
[%Co
vH7B
W4vC
__umoddi3
__qdivrem
alnum
alpha
blank
cntrl
graph
lower
print
punct
space
upper
xdigit
NONE
UTF8
_citrus_utf8_ctype_wcsnrtombs
abort
__swhatbuf
__smakebuf
getpagesize
isatty
_signal
^[Yy]
^[Nn]
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
March
April
June
July
August
September
October
November
December
%a %b %e %H:%M:%S %Y
%m/%d/%y
%H:%M:%S
%I:%M:%S %p
wrterror
malloc_init
malloc() warning: unknown char in MALLOC_OPTIONS
(%d) in 
recursive call
chunk info corrupted
modified chunk-pointer
chunk is already free
regions_total not 2^x
internal struct corrupt
munmap
/etc/malloc.conf
MALLOC_OPTIONS
malloc init mmap failed
out of memory
malloc cache
munmap round
malloc cache underflow
malloc free slot lost
malloc cache overflow
bogus pointer (double free?)
bogus pointer
guard size
mprotect
double free
free():
pp & bits
posix_memalign():
mapalign bad alignment
mapalign round
calloc():
realloc():
malloc():
free() called before allocation
memcpy
backwards memcpy
chacha_encrypt_bytes
_rs_stir
arc4random
expand 32-byte kexpand 16-byte k
<0000000000000000                 z
RuneCT10NONE
OpenBSD


Regards,
-- 
  Adam Wolk
  adam.w...@koparo.com

Weird executable in /bin/ - i386 snapshots Dec 10

Reply via email to