On Fri, Jan 22, 2010 at 09:20:46AM +1100, Alan L Tyree wrote:
> On Thu, 21 Jan 2010 15:54:01 -0600
> Rodolfo Martínez wrote:
>
> > Hi Alan,
> >
> > You can find what package provides the ldd program, and then verify
> > the integrity of the package. If it really changed I think you should
> > look for any suspicious activity in your server.
> >
> > I think you can find the package with dpkg -S $(which ldd) and you can
> > check its integrity with debsum.
> >
> > ldd shouldn't change, unless you have updated your system.
>
> Just checking the Debian Security site
> (http://www.debian.org/security/) I see that it was updated for the
> amd64 architecture.
>
> Thanks for the lesson on how to check out this sort of thing.
>
> Cheers,
> Alan

So everything looks fine. I wonder why rkhunter complained. Doesn't
coordinate with the packaging system?

Anyway, this reminded me of an interesting article on ldd I read the other day:
http://www.catonmat.net/blog/ldd-arbitrary-code-execution/

Fun
Matt
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
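
The check suggested in the thread (find the package that owns ldd, then compare the installed file with the checksum that package recorded), written out as an added example that is not part of any of the messages above. The function names are made up for this example, and it assumes a Debian-style system with dpkg, dpkg-query and md5sum available.

```bash
#!/usr/bin/env bash
# Added example: compare an installed file with the MD5 that its owning
# package recorded in the dpkg database. Function names are hypothetical.

# verify_against_md5sums FILE MD5SUMS_FILE
# MD5SUMS_FILE is in dpkg's format: "<md5>  <path without leading slash>".
# Returns 0 on match, 1 on mismatch, 2 if unreadable or not listed.
verify_against_md5sums() {
    local file=$1 sums=$2 rel expected actual
    rel=${file#/}
    [ -r "$file" ] && [ -r "$sums" ] || return 2
    # Strip the hash and separator, then match the remaining path exactly.
    expected=$(awk -v p="$rel" '{ h = $1; sub(/^[^ ]+  /, "")
                                  if ($0 == p) { print h; exit } }' "$sums")
    [ -n "$expected" ] || return 2
    actual=$(md5sum < "$file" | cut -d' ' -f1)
    [ "$actual" = "$expected" ]
}

# check_installed_file NAME_OR_PATH
# Resolves the command, asks dpkg which package owns it, then verifies it.
check_installed_file() {
    local path pkg sums rc=0
    path=$(command -v "$1") || { echo "not found: $1" >&2; return 2; }
    path=$(readlink -f "$path")
    # dpkg -S prints "pkg: /path" ("pkg:arch: /path" for multiarch packages).
    pkg=$(dpkg -S "$path" 2>/dev/null | head -n 1)
    pkg=${pkg%%: /*}
    [ -n "$pkg" ] || { echo "UNOWNED   $path" >&2; return 2; }
    sums=$(dpkg-query --control-path "$pkg" md5sums 2>/dev/null)
    verify_against_md5sums "$path" "$sums" || rc=$?
    case $rc in
        0) echo "OK        $path ($pkg)" ;;
        1) echo "MODIFIED  $path ($pkg)" ;;
        *) echo "UNKNOWN   $path ($pkg): no recorded checksum" ;;
    esac
    return "$rc"
}

# Run as a script: ./check.sh ldd
[ $# -eq 0 ] || check_installed_file "$1"
```

The recorded checksums live on the same host as the file being checked, so a match only rules out accidental or unprivileged changes. Comparing against a freshly downloaded copy of the package gives stronger assurance.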