* [gentoo-dev] su generates strange files called "1"
@ 2002-02-16 23:32 Arno Wilhelm
0 siblings, 0 replies; only message in thread
From: Arno Wilhelm @ 2002-02-16 23:32 UTC (permalink / raw
To: bugs; +Cc: gentoo-dev
[-- Attachment #1: Type: text/plain, Size: 1681 bytes --]
Hello,
for some time know I realized files called "1" in my working directories.
I could find out that they always appeared after I have issued a "su" command.
So I tried to find out wether it could be a rootkit by running chkrootkit:
jambalaia etc # chkrootkit | fgrep su
Checking `su'... not infected
Then I reinstalled the su command by "emerge sys-apps/shadow", after I did a "emerge rsync".
The ls command showed me a newly created su command in the /bin directory.
But nevertheless the su command creates files called "1".
So I piped the output of "strace su" to a file and grepped for "open" and
really it opens a file called "1" for writing with a "largefile" flag.
Here is the most interesting part of the strace command.
open("1", O_WRONLY|O_CREAT|O_TRUNC|O_LARGEFILE, 0666) = 3
fcntl64(0x1, 0x1, 0, 0x1) = 0
fcntl64(0x1, 0, 0xa, 0x1) = 10
fcntl64(0x1, 0x1, 0, 0xa) = 0
fcntl64(0xa, 0x2, 0x1, 0xa) = 0
dup2(3, 1) = 1
close(3) = 0
stat64("/etc/profile", {st_mode=S_IFREG|0644, st_size=757, ...}) = 0
open("/etc/profile", O_RDONLY|O_LARGEFILE) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=757, ...}) = 0
read(3, "if [ -e \"/etc/profile.env\" ]\nthe"..., 757) = 757
close(3) = 0
Does anybody know why su behaves like this? For me it seems very strange ...
I will attach the su binary and the strace logfile,
Arno
--
/\ ._._ _ \ /o||_ _ |._ _
/--\| | |(_) \/\/ ||| |(/_|| | |
tel: +43 676 9263473
fax: +43 5252 6127
http: www.quirxi.com
mail: arno.wilhelm(a)quirxi.com
[-- Attachment #2: out.txt --]
[-- Type: text/plain, Size: 49252 bytes --]
execve("/bin/su", ["su"], [/* 30 vars */]) = 0
brk(0) = 0x805329c
open("/etc/ld.so.preload", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=59972, ...}) = 0
old_mmap(NULL, 59972, PROT_READ, MAP_PRIVATE, 3, 0) = 0x40016000
close(3) = 0
open("/usr/lib/libshadow.so.0", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\20)\0\000"..., 1024) = 1024
fstat64(3, {st_mode=S_IFREG|0755, st_size=41632, ...}) = 0
old_mmap(NULL, 95328, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x40025000
mprotect(0x4002e000, 58464, PROT_NONE) = 0
old_mmap(0x4002e000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x8000) = 0x4002e000
old_mmap(0x40030000, 50272, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x40030000
close(3) = 0
open("/lib/libcrypt.so.1", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0p\16\0\000"..., 1024) = 1024
fstat64(3, {st_mode=S_IFREG|0755, st_size=22084, ...}) = 0
old_mmap(NULL, 184188, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x4003d000
mprotect(0x40042000, 163708, PROT_NONE) = 0
old_mmap(0x40042000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x4000) = 0x40042000
old_mmap(0x40043000, 159612, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x40043000
close(3) = 0
open("/lib/libpam.so", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0`\35\0\000"..., 1024) = 1024
fstat64(3, {st_mode=S_IFREG|0755, st_size=30288, ...}) = 0
old_mmap(NULL, 32664, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x4006a000
mprotect(0x40071000, 3992, PROT_NONE) = 0
old_mmap(0x40071000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x6000) = 0x40071000
close(3) = 0
open("/lib/libpam_misc.so", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\240\n\0"..., 1024) = 1024
fstat64(3, {st_mode=S_IFREG|0755, st_size=6540, ...}) = 0
old_mmap(NULL, 9732, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x40072000
mprotect(0x40074000, 1540, PROT_NONE) = 0
old_mmap(0x40074000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x1000) = 0x40074000
close(3) = 0
open("/lib/libdl.so.2", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\34\34\0"..., 1024) = 1024
fstat64(3, {st_mode=S_IFREG|0755, st_size=10192, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40075000
old_mmap(NULL, 12252, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x40076000
mprotect(0x40078000, 4060, PROT_NONE) = 0
old_mmap(0x40078000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x1000) = 0x40078000
close(3) = 0
open("/lib/libc.so.6", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\370\223"..., 1024) = 1024
fstat64(3, {st_mode=S_IFREG|0755, st_size=1267816, ...}) = 0
old_mmap(NULL, 1225348, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x40079000
mprotect(0x4019a000, 41604, PROT_NONE) = 0
old_mmap(0x4019a000, 28672, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x120000) = 0x4019a000
old_mmap(0x401a1000, 12932, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x401a1000
close(3) = 0
mprotect(0x40072000, 8192, PROT_READ|PROT_WRITE) = 0
mprotect(0x40072000, 8192, PROT_READ|PROT_EXEC) = 0
mprotect(0x4006a000, 28672, PROT_READ|PROT_WRITE) = 0
mprotect(0x4006a000, 28672, PROT_READ|PROT_EXEC) = 0
munmap(0x40016000, 59972) = 0
brk(0) = 0x805329c
brk(0x80532c4) = 0x80532c4
brk(0x8054000) = 0x8054000
getuid32() = 0
ioctl(0, 0x5401, {B38400 opost isig icanon echo ...}) = 0
ioctl(0, 0x5401, {B38400 opost isig icanon echo ...}) = 0
brk(0x8056000) = 0x8056000
readlink("/proc/self/fd/0", "/dev/pts/2", 4095) = 10
ioctl(0, 0x5401, {B38400 opost isig icanon echo ...}) = 0
readlink("/proc/self/fd/0", "/dev/pts/2", 511) = 10
access("/var/run/utmpx", F_OK) = -1 ENOENT (No such file or directory)
open("/var/run/utmp", O_RDWR) = 3
fcntl64(0x3, 0x1, 0, 0x40198da0) = 0
fcntl64(0x3, 0x2, 0x1, 0x40198da0) = 0
_llseek(3, 0, [0], SEEK_SET) = 0
alarm(0) = 0
rt_sigaction(SIGALRM, {0x4017d5b0, [], 0x4000000}, {SIG_DFL}, 8) = 0
alarm(1) = 0
fcntl64(0x3, 0x7, 0xbffff47c, 0xbffff47c) = 0
read(3, "\10\0\0\0\v\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\2\0\0\0\0\0\0\0~\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\1\0\0\0003N\0\0~\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\10\0\0\0\353\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\7\0\0\0\v\4\0\0tty1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\6\0\0\0\f\4\0\0tty2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\6\0\0\0\r\4\0\0tty3\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\5\0\0\0i\f\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\10\0\0\0\314\6\0\0pts/2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "", 384) = 0
fcntl64(0x3, 0x7, 0xbffff47c, 0x401a3340) = 0
rt_sigaction(SIGALRM, {SIG_DFL}, NULL, 8) = 0
alarm(0) = 1
close(3) = 0
getuid32() = 0
socket(PF_UNIX, SOCK_STREAM, 0) = 3
connect(3, {sin_family=AF_UNIX, path="/var/run/.nscd_socket"}, 110) = -1 ENOENT (No such file or directory)
close(3) = 0
open("/etc/nsswitch.conf", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=374, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40016000
read(3, "passwd: compat\nshadow: "..., 4096) = 374
read(3, "", 4096) = 0
close(3) = 0
munmap(0x40016000, 4096) = 0
open("/etc/ld.so.cache", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=59972, ...}) = 0
old_mmap(NULL, 59972, PROT_READ, MAP_PRIVATE, 3, 0) = 0x40016000
close(3) = 0
open("/lib/libnss_compat.so.2", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\0\32\0"..., 1024) = 1024
fstat64(3, {st_mode=S_IFREG|0755, st_size=49432, ...}) = 0
old_mmap(NULL, 51660, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x401a5000
mprotect(0x401b1000, 2508, PROT_NONE) = 0
old_mmap(0x401b1000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0xb000) = 0x401b1000
close(3) = 0
open("/lib/libnsl.so.1", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\300=\0"..., 1024) = 1024
fstat64(3, {st_mode=S_IFREG|0755, st_size=80852, ...}) = 0
old_mmap(NULL, 89692, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x401b2000
mprotect(0x401c5000, 11868, PROT_NONE) = 0
old_mmap(0x401c5000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x12000) = 0x401c5000
old_mmap(0x401c6000, 7772, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x401c6000
close(3) = 0
munmap(0x40016000, 59972) = 0
uname({sys="Linux", node="jambalaia.OnTheRoof", ...}) = 0
open("/etc/passwd", O_RDONLY) = 3
fcntl64(0x3, 0x1, 0, 0x7) = 0
fcntl64(0x3, 0x2, 0x1, 0x7) = 0
fstat64(3, {st_mode=S_IFREG|0644, st_size=1463, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40016000
_llseek(3, 0, [0], SEEK_CUR) = 0
read(3, "root:x:0:0::/root:/bin/bash\nbin:"..., 4096) = 1463
close(3) = 0
munmap(0x40016000, 4096) = 0
stat64("/etc/pam.d", {st_mode=S_IFDIR|0755, st_size=608, ...}) = 0
open("/etc/pam.d/su", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=232, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40016000
read(3, "auth required pam_wheel."..., 4096) = 232
open("/lib/security/pam_wheel.so", O_RDONLY) = 4
read(4, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\200\10"..., 1024) = 1024
fstat64(4, {st_mode=S_IFREG|0755, st_size=5612, ...}) = 0
old_mmap(NULL, 8224, PROT_READ|PROT_EXEC, MAP_PRIVATE, 4, 0) = 0x40017000
mprotect(0x40018000, 4128, PROT_NONE) = 0
old_mmap(0x40018000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 4, 0) = 0x40018000
close(4) = 0
mprotect(0x40017000, 4096, PROT_READ|PROT_WRITE) = 0
mprotect(0x40017000, 4096, PROT_READ|PROT_EXEC) = 0
open("/lib/security/pam_rootok.so", O_RDONLY) = 4
read(4, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\220\6\0"..., 1024) = 1024
fstat64(4, {st_mode=S_IFREG|0755, st_size=4184, ...}) = 0
old_mmap(NULL, 6796, PROT_READ|PROT_EXEC, MAP_PRIVATE, 4, 0) = 0x4001a000
mprotect(0x4001b000, 2700, PROT_NONE) = 0
old_mmap(0x4001b000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 4, 0) = 0x4001b000
close(4) = 0
brk(0x8057000) = 0x8057000
mprotect(0x4001a000, 4096, PROT_READ|PROT_WRITE) = 0
mprotect(0x4001a000, 4096, PROT_READ|PROT_EXEC) = 0
open("/lib/security/pam_pwdb.so", O_RDONLY) = 4
read(4, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0p!\0\000"..., 1024) = 1024
fstat64(4, {st_mode=S_IFREG|0755, st_size=34904, ...}) = 0
old_mmap(NULL, 37760, PROT_READ|PROT_EXEC, MAP_PRIVATE, 4, 0) = 0x401c8000
mprotect(0x401d0000, 4992, PROT_NONE) = 0
old_mmap(0x401d0000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 4, 0x7000) = 0x401d0000
close(4) = 0
open("/etc/ld.so.cache", O_RDONLY) = 4
fstat64(4, {st_mode=S_IFREG|0644, st_size=59972, ...}) = 0
old_mmap(NULL, 59972, PROT_READ, MAP_PRIVATE, 4, 0) = 0x401d2000
close(4) = 0
open("/lib/libpwdb.so.0", O_RDONLY) = 4
read(4, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0pA\0\000"..., 1024) = 1024
fstat64(4, {st_mode=S_IFREG|0755, st_size=131960, ...}) = 0
old_mmap(NULL, 298428, PROT_READ|PROT_EXEC, MAP_PRIVATE, 4, 0) = 0x401e1000
mprotect(0x401f9000, 200124, PROT_NONE) = 0
old_mmap(0x401f9000, 36864, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 4, 0x17000) = 0x401f9000
old_mmap(0x40202000, 163260, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x40202000
close(4) = 0
mprotect(0x401c8000, 32768, PROT_READ|PROT_WRITE) = 0
mprotect(0x401c8000, 32768, PROT_READ|PROT_EXEC) = 0
munmap(0x401d2000, 59972) = 0
read(3, "", 4096) = 0
close(3) = 0
munmap(0x40016000, 4096) = 0
open("/etc/pam.d/other", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=204, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40016000
read(3, "auth required pam_deny.s"..., 4096) = 204
open("/lib/security/pam_deny.so", O_RDONLY) = 4
read(4, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0@\6\0\000"..., 1024) = 1024
fstat64(4, {st_mode=S_IFREG|0755, st_size=3744, ...}) = 0
old_mmap(NULL, 6448, PROT_READ|PROT_EXEC, MAP_PRIVATE, 4, 0) = 0x4001c000
mprotect(0x4001d000, 2352, PROT_NONE) = 0
old_mmap(0x4001d000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 4, 0) = 0x4001d000
close(4) = 0
open("/lib/security/pam_warn.so", O_RDONLY) = 4
read(4, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0 \t\0\000"..., 1024) = 1024
fstat64(4, {st_mode=S_IFREG|0755, st_size=5960, ...}) = 0
brk(0x8058000) = 0x8058000
old_mmap(NULL, 8572, PROT_READ|PROT_EXEC, MAP_PRIVATE, 4, 0) = 0x4001e000
mprotect(0x40020000, 380, PROT_NONE) = 0
old_mmap(0x40020000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 4, 0x1000) = 0x40020000
close(4) = 0
mprotect(0x4001e000, 8192, PROT_READ|PROT_WRITE) = 0
mprotect(0x4001e000, 8192, PROT_READ|PROT_EXEC) = 0
read(3, "", 4096) = 0
close(3) = 0
munmap(0x40016000, 4096) = 0
open("/etc/passwd", O_RDONLY) = 3
fcntl64(0x3, 0x1, 0, 0x401a0080) = 0
fcntl64(0x3, 0x2, 0x1, 0x401a0080) = 0
fstat64(3, {st_mode=S_IFREG|0644, st_size=1463, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40016000
_llseek(3, 0, [0], SEEK_CUR) = 0
read(3, "root:x:0:0::/root:/bin/bash\nbin:"..., 4096) = 1463
close(3) = 0
munmap(0x40016000, 4096) = 0
time(NULL) = 1013724272
open("/etc/passwd", O_RDONLY) = 3
fcntl64(0x3, 0x1, 0, 0x401a0080) = 0
fcntl64(0x3, 0x2, 0x1, 0x401a0080) = 0
fstat64(3, {st_mode=S_IFREG|0644, st_size=1463, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40016000
_llseek(3, 0, [0], SEEK_CUR) = 0
read(3, "root:x:0:0::/root:/bin/bash\nbin:"..., 4096) = 1463
close(3) = 0
munmap(0x40016000, 4096) = 0
getuid32() = 0
open("/etc/passwd", O_RDONLY) = 3
fcntl64(0x3, 0x1, 0, 0x401a0080) = 0
fcntl64(0x3, 0x2, 0x1, 0x401a0080) = 0
fstat64(3, {st_mode=S_IFREG|0644, st_size=1463, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40016000
_llseek(3, 0, [0], SEEK_CUR) = 0
read(3, "root:x:0:0::/root:/bin/bash\nbin:"..., 4096) = 1463
close(3) = 0
munmap(0x40016000, 4096) = 0
socket(PF_UNIX, SOCK_STREAM, 0) = 3
connect(3, {sin_family=AF_UNIX, path="/var/run/.nscd_socket"}, 110) = -1 ENOENT (No such file or directory)
close(3) = 0
open("/etc/group", O_RDONLY) = 3
fcntl64(0x3, 0x1, 0, 0xbfffd848) = 0
fcntl64(0x3, 0x2, 0x1, 0xbfffd848) = 0
fstat64(3, {st_mode=S_IFREG|0644, st_size=592, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40016000
_llseek(3, 0, [0], SEEK_CUR) = 0
read(3, "nogroup::-2:\nroot::0:root\nbin::1"..., 4096) = 592
close(3) = 0
munmap(0x40016000, 4096) = 0
getuid32() = 0
open("/etc/pwdb.conf", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=134, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40016000
read(3, "#\n# This is the configuration fi"..., 4096) = 134
read(3, "", 4096) = 0
close(3) = 0
munmap(0x40016000, 4096) = 0
getrlimit(0x4, 0xbffff934) = 0
setrlimit(RLIMIT_CORE, {rlim_cur=0, rlim_max=RLIM_INFINITY}) = 0
getuid32() = 0
open("/etc/passwd", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=1463, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40016000
read(3, "root:x:0:0::/root:/bin/bash\nbin:"..., 4096) = 1463
close(3) = 0
munmap(0x40016000, 4096) = 0
time(NULL) = 1013724272
time(NULL) = 1013724272
time(NULL) = 1013724272
time(NULL) = 1013724272
time(NULL) = 1013724272
time(NULL) = 1013724272
time(NULL) = 1013724272
time(NULL) = 1013724272
brk(0x8059000) = 0x8059000
open("/etc/shadow", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0600, st_size=640, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40016000
read(3, "root:$1$ys2rX7s2$8jDHP9AAzluo9CU"..., 4096) = 640
close(3) = 0
munmap(0x40016000, 4096) = 0
time(NULL) = 1013724272
time(NULL) = 1013724272
time(NULL) = 1013724272
time(NULL) = 1013724272
time(NULL) = 1013724272
time(NULL) = 1013724272
time(NULL) = 1013724272
time(NULL) = 1013724272
time(NULL) = 1013724272
time(NULL) = 1013724272
time(NULL) = 1013724272
time(NULL) = 1013724272
time(NULL) = 1013724272
time(NULL) = 1013724272
time(NULL) = 1013724272
getrlimit(0x4, 0xbffff92c) = 0
setrlimit(RLIMIT_CORE, {rlim_cur=0, rlim_max=RLIM_INFINITY}) = 0
open("/etc/login.defs", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=1464, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40016000
read(3, "#MAIL_FILE .mail\n#M"..., 4096) = 1464
read(3, "", 4096) = 0
close(3) = 0
munmap(0x40016000, 4096) = 0
brk(0x805c000) = 0x805c000
time([1013724272]) = 1013724272
open("/etc/localtime", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=786, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40016000
read(3, "TZif\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\6\0\0\0\6\0"..., 4096) = 786
close(3) = 0
munmap(0x40016000, 4096) = 0
getpid() = 2991
rt_sigaction(SIGPIPE, {0x40151850, [], 0x4000000}, {SIG_DFL}, 8) = 0
socket(PF_UNIX, SOCK_DGRAM, 0) = 3
fcntl64(0x3, 0x2, 0x1, 0xffffffff) = 0
connect(3, {sin_family=AF_UNIX, path="/dev/log"}, 16) = 0
send(3, "<86>Feb 14 23:04:32 su[2991]: + "..., 48, 0) = 48
rt_sigaction(SIGPIPE, {SIG_DFL}, NULL, 8) = 0
setgid32(0) = 0
open("/etc/group", O_RDONLY) = 4
fcntl64(0x4, 0x1, 0, 0xbffff8e0) = 0
fcntl64(0x4, 0x2, 0x1, 0xbffff8e0) = 0
fstat64(4, {st_mode=S_IFREG|0644, st_size=592, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40016000
_llseek(4, 0, [0], SEEK_CUR) = 0
read(4, "nogroup::-2:\nroot::0:root\nbin::1"..., 4096) = 592
read(4, "", 4096) = 0
close(4) = 0
munmap(0x40016000, 4096) = 0
setgroups32(0xb, 0x8058300) = 0
setuid32(0) = 0
munmap(0x40017000, 8224) = 0
munmap(0x4001a000, 6796) = 0
munmap(0x401c8000, 37760) = 0
munmap(0x401e1000, 298428) = 0
munmap(0x4001c000, 6448) = 0
munmap(0x4001e000, 8572) = 0
close(3) = 0
execve("/bin/bash", ["bash"], [/* 30 vars */]) = 0
brk(0) = 0x80da5d0
open("/etc/ld.so.preload", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=59972, ...}) = 0
old_mmap(NULL, 59972, PROT_READ, MAP_PRIVATE, 3, 0) = 0x40016000
close(3) = 0
open("/lib/libncurses.so.5", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\360\335"..., 1024) = 1024
fstat64(3, {st_mode=S_IFREG|0755, st_size=279388, ...}) = 0
old_mmap(NULL, 286848, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x40025000
mprotect(0x4005f000, 49280, PROT_NONE) = 0
old_mmap(0x4005f000, 36864, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x39000) = 0x4005f000
old_mmap(0x40068000, 12416, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x40068000
close(3) = 0
open("/lib/libdl.so.2", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\34\34\0"..., 1024) = 1024
fstat64(3, {st_mode=S_IFREG|0755, st_size=10192, ...}) = 0
old_mmap(NULL, 12252, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x4006c000
mprotect(0x4006e000, 4060, PROT_NONE) = 0
old_mmap(0x4006e000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x1000) = 0x4006e000
close(3) = 0
open("/lib/libc.so.6", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\370\223"..., 1024) = 1024
fstat64(3, {st_mode=S_IFREG|0755, st_size=1267816, ...}) = 0
old_mmap(NULL, 1225348, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x4006f000
mprotect(0x40190000, 41604, PROT_NONE) = 0
old_mmap(0x40190000, 28672, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x120000) = 0x40190000
old_mmap(0x40197000, 12932, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x40197000
close(3) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x4019b000
munmap(0x40016000, 59972) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [32], 8) = 0
open("/dev/tty", O_RDWR|O_NONBLOCK|O_LARGEFILE) = 3
close(3) = 0
brk(0) = 0x80da5d0
brk(0x80da5f8) = 0x80da5f8
brk(0x80db000) = 0x80db000
getuid32() = 0
getgid32() = 0
geteuid32() = 0
getegid32() = 0
rt_sigprocmask(SIG_BLOCK, NULL, [32], 8) = 0
time(NULL) = 1013724272
ioctl(0, 0x5401, {B38400 opost isig icanon echo ...}) = 0
ioctl(1, 0x5401, {B38400 opost isig icanon echo ...}) = 0
open("/etc/mtab", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0444, st_size=236, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40016000
read(3, "/dev/ide/host0/bus0/target0/lun0"..., 4096) = 236
close(3) = 0
munmap(0x40016000, 4096) = 0
open("/proc/meminfo", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40016000
read(3, " total: used: free:"..., 4096) = 523
close(3) = 0
munmap(0x40016000, 4096) = 0
rt_sigaction(SIGCHLD, {SIG_DFL}, {SIG_DFL}, 8) = 0
rt_sigaction(SIGCHLD, {SIG_DFL}, {SIG_DFL}, 8) = 0
rt_sigaction(SIGINT, {SIG_DFL}, {SIG_DFL}, 8) = 0
rt_sigaction(SIGINT, {SIG_DFL}, {SIG_DFL}, 8) = 0
rt_sigaction(SIGQUIT, {SIG_DFL}, {SIG_DFL}, 8) = 0
rt_sigaction(SIGQUIT, {SIG_DFL}, {SIG_DFL}, 8) = 0
rt_sigaction(SIGTERM, {SIG_DFL}, {SIG_DFL}, 8) = 0
rt_sigaction(SIGTERM, {SIG_DFL}, {SIG_DFL}, 8) = 0
rt_sigaction(SIGHUP, {0x8082714, [HUP INT ILL TRAP ABRT BUS FPE USR1 SEGV USR2 PIPE ALRM TERM XCPU XFSZ VTALRM UNUSED], 0x4000000}, {SIG_DFL}, 8) = 0
rt_sigaction(SIGINT, {0x8082714, [HUP INT ILL TRAP ABRT BUS FPE USR1 SEGV USR2 PIPE ALRM TERM XCPU XFSZ VTALRM UNUSED], 0x4000000}, {SIG_DFL}, 8) = 0
rt_sigaction(SIGILL, {0x8082714, [HUP INT ILL TRAP ABRT BUS FPE USR1 SEGV USR2 PIPE ALRM TERM XCPU XFSZ VTALRM UNUSED], 0x4000000}, {SIG_DFL}, 8) = 0
rt_sigaction(SIGTRAP, {0x8082714, [HUP INT ILL TRAP ABRT BUS FPE USR1 SEGV USR2 PIPE ALRM TERM XCPU XFSZ VTALRM UNUSED], 0x4000000}, {SIG_DFL}, 8) = 0
rt_sigaction(SIGABRT, {0x8082714, [HUP INT ILL TRAP ABRT BUS FPE USR1 SEGV USR2 PIPE ALRM TERM XCPU XFSZ VTALRM UNUSED], 0x4000000}, {SIG_DFL}, 8) = 0
rt_sigaction(SIGFPE, {0x8082714, [HUP INT ILL TRAP ABRT BUS FPE USR1 SEGV USR2 PIPE ALRM TERM XCPU XFSZ VTALRM UNUSED], 0x4000000}, {SIG_DFL}, 8) = 0
rt_sigaction(SIGBUS, {0x8082714, [HUP INT ILL TRAP ABRT BUS FPE USR1 SEGV USR2 PIPE ALRM TERM XCPU XFSZ VTALRM UNUSED], 0x4000000}, {SIG_DFL}, 8) = 0
rt_sigaction(SIGSEGV, {0x8082714, [HUP INT ILL TRAP ABRT BUS FPE USR1 SEGV USR2 PIPE ALRM TERM XCPU XFSZ VTALRM UNUSED], 0x4000000}, {SIG_DFL}, 8) = 0
rt_sigaction(SIGUNUSED, {0x8082714, [HUP INT ILL TRAP ABRT BUS FPE USR1 SEGV USR2 PIPE ALRM TERM XCPU XFSZ VTALRM UNUSED], 0x4000000}, {SIG_DFL}, 8) = 0
rt_sigaction(SIGPIPE, {0x8082714, [HUP INT ILL TRAP ABRT BUS FPE USR1 SEGV USR2 PIPE ALRM TERM XCPU XFSZ VTALRM UNUSED], 0x4000000}, {SIG_DFL}, 8) = 0
rt_sigaction(SIGALRM, {0x8082714, [HUP INT ILL TRAP ABRT BUS FPE USR1 SEGV USR2 PIPE ALRM TERM XCPU XFSZ VTALRM UNUSED], 0x4000000}, {SIG_DFL}, 8) = 0
rt_sigaction(SIGTERM, {0x8082714, [HUP INT ILL TRAP ABRT BUS FPE USR1 SEGV USR2 PIPE ALRM TERM XCPU XFSZ VTALRM UNUSED], 0x4000000}, {SIG_DFL}, 8) = 0
rt_sigaction(SIGXCPU, {0x8082714, [HUP INT ILL TRAP ABRT BUS FPE USR1 SEGV USR2 PIPE ALRM TERM XCPU XFSZ VTALRM UNUSED], 0x4000000}, {SIG_DFL}, 8) = 0
rt_sigaction(SIGXFSZ, {0x8082714, [HUP INT ILL TRAP ABRT BUS FPE USR1 SEGV USR2 PIPE ALRM TERM XCPU XFSZ VTALRM UNUSED], 0x4000000}, {SIG_DFL}, 8) = 0
rt_sigaction(SIGVTALRM, {0x8082714, [HUP INT ILL TRAP ABRT BUS FPE USR1 SEGV USR2 PIPE ALRM TERM XCPU XFSZ VTALRM UNUSED], 0x4000000}, {SIG_DFL}, 8) = 0
rt_sigaction(SIGUSR1, {0x8082714, [HUP INT ILL TRAP ABRT BUS FPE USR1 SEGV USR2 PIPE ALRM TERM XCPU XFSZ VTALRM UNUSED], 0x4000000}, {SIG_DFL}, 8) = 0
rt_sigaction(SIGUSR2, {0x8082714, [HUP INT ILL TRAP ABRT BUS FPE USR1 SEGV USR2 PIPE ALRM TERM XCPU XFSZ VTALRM UNUSED], 0x4000000}, {SIG_DFL}, 8) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [32], 8) = 0
rt_sigaction(SIGQUIT, {SIG_IGN}, {SIG_DFL}, 8) = 0
rt_sigaction(SIGINT, {0x8082790, [], 0x4000000}, {0x8082714, [HUP INT ILL TRAP ABRT BUS FPE USR1 SEGV USR2 PIPE ALRM TERM XCPU XFSZ VTALRM UNUSED], 0x4000000}, 8) = 0
rt_sigaction(SIGTERM, {SIG_IGN}, {0x8082714, [HUP INT ILL TRAP ABRT BUS FPE USR1 SEGV USR2 PIPE ALRM TERM XCPU XFSZ VTALRM UNUSED], 0x4000000}, 8) = 0
rt_sigaction(SIGINT, {0x8082790, [], 0x4000000}, {0x8082790, [], 0x4000000}, 8) = 0
rt_sigaction(SIGTSTP, {SIG_IGN}, {SIG_DFL}, 8) = 0
rt_sigaction(SIGTTOU, {SIG_IGN}, {SIG_DFL}, 8) = 0
rt_sigaction(SIGTTIN, {SIG_IGN}, {SIG_DFL}, 8) = 0
rt_sigaction(SIGWINCH, {0x80753d0, [], 0x4000000}, {SIG_DFL}, 8) = 0
uname({sys="Linux", node="jambalaia.OnTheRoof", ...}) = 0
socket(PF_UNIX, SOCK_STREAM, 0) = 3
connect(3, {sin_family=AF_UNIX, path="/var/run/.nscd_socket"}, 110) = -1 ENOENT (No such file or directory)
close(3) = 0
open("/etc/nsswitch.conf", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=374, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40016000
read(3, "passwd: compat\nshadow: "..., 4096) = 374
brk(0x80dc000) = 0x80dc000
read(3, "", 4096) = 0
close(3) = 0
munmap(0x40016000, 4096) = 0
open("/etc/ld.so.cache", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=59972, ...}) = 0
old_mmap(NULL, 59972, PROT_READ, MAP_PRIVATE, 3, 0) = 0x40016000
close(3) = 0
open("/lib/libnss_compat.so.2", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\0\32\0"..., 1024) = 1024
fstat64(3, {st_mode=S_IFREG|0755, st_size=49432, ...}) = 0
old_mmap(NULL, 51660, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x4019c000
mprotect(0x401a8000, 2508, PROT_NONE) = 0
old_mmap(0x401a8000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0xb000) = 0x401a8000
close(3) = 0
open("/lib/libnsl.so.1", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\300=\0"..., 1024) = 1024
fstat64(3, {st_mode=S_IFREG|0755, st_size=80852, ...}) = 0
old_mmap(NULL, 89692, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x401a9000
mprotect(0x401bc000, 11868, PROT_NONE) = 0
old_mmap(0x401bc000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x12000) = 0x401bc000
old_mmap(0x401bd000, 7772, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x401bd000
close(3) = 0
munmap(0x40016000, 59972) = 0
uname({sys="Linux", node="jambalaia.OnTheRoof", ...}) = 0
open("/etc/passwd", O_RDONLY) = 3
fcntl64(0x3, 0x1, 0, 0x7) = 0
fcntl64(0x3, 0x2, 0x1, 0x7) = 0
fstat64(3, {st_mode=S_IFREG|0644, st_size=1463, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40016000
_llseek(3, 0, [0], SEEK_CUR) = 0
read(3, "root:x:0:0::/root:/bin/bash\nbin:"..., 4096) = 1463
close(3) = 0
munmap(0x40016000, 4096) = 0
brk(0x80dd000) = 0x80dd000
stat64("/home/arno", {st_mode=S_IFDIR|0755, st_size=1440, ...}) = 0
stat64(".", {st_mode=S_IFDIR|0755, st_size=1440, ...}) = 0
getpid() = 2991
getppid() = 2990
brk(0x80de000) = 0x80de000
stat64(".", {st_mode=S_IFDIR|0755, st_size=1440, ...}) = 0
stat64("/sbin/bash", 0xbffff72c) = -1 ENOENT (No such file or directory)
stat64("/bin/bash", {st_mode=S_IFREG|0755, st_size=588276, ...}) = 0
stat64("/bin/bash", {st_mode=S_IFREG|0755, st_size=588276, ...}) = 0
getpgrp() = 2990
dup(2) = 3
getrlimit(0x7, 0xbffff8d4) = 0
fcntl64(0xff, 0x1, 0xbffff8f8, 0x3) = -1 EBADF (Bad file descriptor)
dup2(3, 255) = 255
close(3) = 0
ioctl(255, 0x540f, [1073828736]) = -1 ENOTTY (Inappropriate ioctl for device)
getpid() = 2991
setpgid(0, 2991) = 0
rt_sigprocmask(SIG_BLOCK, [CHLD TSTP TTIN TTOU], [32], 8) = 0
ioctl(255, 0x5410, [2991]) = -1 ENOTTY (Inappropriate ioctl for device)
rt_sigprocmask(SIG_SETMASK, [32], NULL, 8) = 0
setpgid(0, 2990) = 0
fstat64(2, {st_mode=S_IFREG|0644, st_size=30421, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40016000
write(2, "bash: no job control in this she"..., 35bash: no job control in this shell
) = 35
fcntl64(0xff, 0x2, 0x1, 0x400152d4) = 0
rt_sigaction(SIGCHLD, {0x8075398, [], 0x4000000}, {SIG_DFL}, 8) = 0
ioctl(255, 0x5401, 0xbffff8d8) = -1 ENOTTY (Inappropriate ioctl for device)
rt_sigprocmask(SIG_BLOCK, NULL, [32], 8) = 0
open("/root/.bashrc", O_RDONLY|O_LARGEFILE) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=255, ...}) = 0
read(3, "# This file is sourced by all ba"..., 255) = 255
close(3) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [32], 8) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [32], 8) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [32], 8) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [32], 8) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [32], 8) = 0
brk(0x80df000) = 0x80df000
rt_sigprocmask(SIG_BLOCK, NULL, [32], 8) = 0
stat64("/etc/profile", {st_mode=S_IFREG|0644, st_size=757, ...}) = 0
rt_sigprocmask(SIG_SETMASK, [32], NULL, 8) = 0
open("1", O_WRONLY|O_CREAT|O_TRUNC|O_LARGEFILE, 0666) = 3
fcntl64(0x1, 0x1, 0, 0x1) = 0
fcntl64(0x1, 0, 0xa, 0x1) = 10
fcntl64(0x1, 0x1, 0, 0xa) = 0
fcntl64(0xa, 0x2, 0x1, 0xa) = 0
dup2(3, 1) = 1
close(3) = 0
stat64("/etc/profile", {st_mode=S_IFREG|0644, st_size=757, ...}) = 0
open("/etc/profile", O_RDONLY|O_LARGEFILE) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=757, ...}) = 0
read(3, "if [ -e \"/etc/profile.env\" ]\nthe"..., 757) = 757
close(3) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [32], 8) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [32], 8) = 0
brk(0x80e0000) = 0x80e0000
rt_sigprocmask(SIG_BLOCK, NULL, [32], 8) = 0
stat64("/etc/profile.env", {st_mode=S_IFREG|0644, st_size=864, ...}) = 0
rt_sigprocmask(SIG_SETMASK, [32], NULL, 8) = 0
stat64("/etc/profile.env", {st_mode=S_IFREG|0644, st_size=864, ...}) = 0
open("/etc/profile.env", O_RDONLY|O_LARGEFILE) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=864, ...}) = 0
read(3, "export MANPATH=\'/usr/share/man:/"..., 864) = 864
close(3) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [32], 8) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [32], 8) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [32], 8) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [32], 8) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [32], 8) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [32], 8) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [32], 8) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [32], 8) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [32], 8) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [32], 8) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [32], 8) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [32], 8) = 0
brk(0x80e1000) = 0x80e1000
rt_sigprocmask(SIG_BLOCK, NULL, [32], 8) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [32], 8) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [32], 8) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [32], 8) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [32], 8) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [32], 8) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [32], 8) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [32], 8) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [32], 8) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [32], 8) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [32], 8) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [32], 8) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [32], 8) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [32], 8) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [32], 8) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [32], 8) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [32], 8) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [32], 8) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [32], 8) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [32], 8) = 0
umask(022) = 022
rt_sigprocmask(SIG_BLOCK, NULL, [32], 8) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [32], 8) = 0
pipe([3, 4]) = 0
rt_sigprocmask(SIG_BLOCK, [INT CHLD], [32], 8) = 0
fork() = 2992
rt_sigprocmask(SIG_SETMASK, [32], NULL, 8) = 0
rt_sigaction(SIGCHLD, {0x8075398, [], 0x4000000}, {0x8075398, [], 0x4000000}, 8) = 0
close(4) = 0
read(3, "root\n", 128) = 5
read(3, 0xbffff04c, 128) = ? ERESTARTSYS (To be restarted)
--- SIGCHLD (Child exited) ---
wait4(-1, [WIFEXITED(s) && WEXITSTATUS(s) == 0], WNOHANG, NULL) = 2992
wait4(-1, 0xbfffecc8, WNOHANG, NULL) = -1 ECHILD (No child processes)
sigreturn() = ? (mask now [])
read(3, "", 128) = 0
close(3) = 0
rt_sigprocmask(SIG_BLOCK, [CHLD], [32], 8) = 0
rt_sigaction(SIGINT, {0x80752bc, [], 0x4000000}, {0x8082790, [], 0x4000000}, 8) = 0
rt_sigprocmask(SIG_SETMASK, [32], NULL, 8) = 0
rt_sigaction(SIGINT, {0x8082790, [], 0x4000000}, {0x80752bc, [], 0x4000000}, 8) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [32], 8) = 0
rt_sigprocmask(SIG_SETMASK, [32], NULL, 8) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [32], 8) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [32], 8) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [32], 8) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [32], 8) = 0
dup2(10, 1) = 1
fcntl64(0xa, 0x1, 0, 0x1) = 1
close(10) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [32], 8) = 0
fcntl64(0, 0x3, 0, 0x400152d4) = 2
stat64("/home/arno/unknown/root", 0xbffff97c) = -1 ENOENT (No such file or directory)
time(NULL) = 1013724273
open("/root/.bash_history", O_RDONLY|O_LARGEFILE) = 3
fstat64(3, {st_mode=S_IFREG|0600, st_size=7326, ...}) = 0
brk(0x80e3000) = 0x80e3000
read(3, "cvs co -c\ncp /etc/ppp/peers/adsl"..., 7326) = 7326
close(3) = 0
stat64("/root/.bash_history", {st_mode=S_IFREG|0600, st_size=7326, ...}) = 0
open("/root/.bash_history", O_RDONLY|O_LARGEFILE) = 3
fstat64(3, {st_mode=S_IFREG|0600, st_size=7326, ...}) = 0
read(3, "cvs co -c\ncp /etc/ppp/peers/adsl"..., 7326) = 7326
close(3) = 0
brk(0x80e4000) = 0x80e4000
brk(0x80e5000) = 0x80e5000
brk(0x80e6000) = 0x80e6000
ioctl(255, 0x5401, 0xbffffa28) = -1 ENOTTY (Inappropriate ioctl for device)
rt_sigprocmask(SIG_BLOCK, NULL, [32], 8) = 0
rt_sigaction(SIGINT, {0x8082790, [], 0x4000000}, {0x8082790, [], 0x4000000}, 8) = 0
time(NULL) = 1013724273
brk(0x80e8000) = 0x80e8000
access("/root/.terminfo/x/xterm", R_OK) = -1 ENOENT (No such file or directory)
access("/usr/share/terminfo/x/xterm", R_OK) = 0
open("/usr/share/terminfo/x/xterm", O_RDONLY) = 3
read(3, "\32\1\'\0\17\0\17\0i\1U\2", 12) = 12
read(3, "nxterm|xterm-color|generic color"..., 39) = 39
read(3, "\0\1\0\0\1\0\0\0\1\0\0\0\0\1\1", 15) = 15
read(3, "P\0\10\0\30\0\377\377\377\377\377\377\377\377\377\377\377"..., 30) = 30
read(3, "\377\377\0\0\2\0\4\0\25\0\32\0\"\0&\0\377\377\377\377*"..., 722) = 722
read(3, "\7\0\r\0\33[%i%p1%d;%p2%dr\0\33[3g\0\33[H\33[2"..., 597) = 597
read(3, "", 1) = 0
read(3, "", 10) = 0
close(3) = 0
ioctl(1, 0x5401, {B38400 opost isig icanon echo ...}) = 0
ioctl(1, 0x5401, {B38400 opost isig icanon echo ...}) = 0
ioctl(1, 0x5413, {ws_row=47, ws_col=142, ws_xpixel=0, ws_ypixel=0}) = 0
ioctl(0, 0x5413, {ws_row=47, ws_col=142, ws_xpixel=0, ws_ypixel=0}) = 0
brk(0x80e9000) = 0x80e9000
ioctl(0, 0x5413, {ws_row=47, ws_col=142, ws_xpixel=0, ws_ypixel=0}) = 0
ioctl(0, 0x5414, {ws_row=47, ws_col=142, ws_xpixel=0, ws_ypixel=0}) = 0
ioctl(0, 0x5401, {B38400 opost isig icanon echo ...}) = 0
stat64("/root/.inputrc", 0xbffff04c) = -1 ENOENT (No such file or directory)
brk(0x80ea000) = 0x80ea000
rt_sigaction(SIGINT, {0x8082790, [], 0x4000000}, {0x8082790, [], 0x4000000}, 8) = 0
rt_sigprocmask(SIG_BLOCK, [INT], [32], 8) = 0
ioctl(0, 0x5413, {ws_row=47, ws_col=142, ws_xpixel=0, ws_ypixel=0}) = 0
ioctl(0, 0x5414, {ws_row=47, ws_col=142, ws_xpixel=0, ws_ypixel=0}) = 0
ioctl(0, 0x5401, {B38400 opost isig icanon echo ...}) = 0
ioctl(0, 0x5403, {B38400 opost isig -icanon -echo ...}) = 0
rt_sigprocmask(SIG_SETMASK, [32], NULL, 8) = 0
rt_sigaction(SIGINT, {0x80b2290, [], 0x4000000}, {0x8082790, [], 0x4000000}, 8) = 0
rt_sigaction(SIGTERM, {0x80b2290, [], 0x4000000}, {SIG_IGN}, 8) = 0
rt_sigaction(SIGTERM, {SIG_IGN}, {0x80b2290, [], 0x4000000}, 8) = 0
rt_sigaction(SIGQUIT, {0x80b2290, [], 0x4000000}, {SIG_IGN}, 8) = 0
rt_sigaction(SIGQUIT, {SIG_IGN}, {0x80b2290, [], 0x4000000}, 8) = 0
rt_sigaction(SIGALRM, {0x80b2290, [], 0x4000000}, {0x8082714, [HUP INT ILL TRAP ABRT BUS FPE USR1 SEGV USR2 PIPE ALRM TERM XCPU XFSZ VTALRM UNUSED], 0x4000000}, 8) = 0
rt_sigaction(SIGTSTP, {0x80b2290, [], 0x4000000}, {SIG_IGN}, 8) = 0
rt_sigaction(SIGTSTP, {SIG_IGN}, {0x80b2290, [], 0x4000000}, 8) = 0
rt_sigaction(SIGTTOU, {0x80b2290, [], 0x4000000}, {SIG_IGN}, 8) = 0
rt_sigaction(SIGTTOU, {SIG_IGN}, {0x80b2290, [], 0x4000000}, 8) = 0
rt_sigaction(SIGTTIN, {0x80b2290, [], 0x4000000}, {SIG_IGN}, 8) = 0
rt_sigaction(SIGTTIN, {SIG_IGN}, {0x80b2290, [], 0x4000000}, 8) = 0
rt_sigaction(SIGWINCH, {0x80b2314, [], 0x4000000}, {0x80753d0, [], 0x4000000}, 8) = 0
brk(0x80eb000) = 0x80eb000
write(2, "\33[01;31mjambalaia \33[01;34marno #"..., 38^[[01;31mjambalaia ^[[01;34marno # ^[[00m) = 38
rt_sigprocmask(SIG_BLOCK, NULL, [32], 8) = 0
read(0, "\r", 1) = 1
write(2, "\n", 1
) = 1
rt_sigprocmask(SIG_BLOCK, [INT], [32], 8) = 0
ioctl(0, 0x5403, {B38400 opost isig icanon echo ...}) = 0
rt_sigprocmask(SIG_SETMASK, [32], NULL, 8) = 0
rt_sigaction(SIGINT, {0x8082790, [], 0x4000000}, {0x80b2290, [], 0x4000000}, 8) = 0
rt_sigaction(SIGTERM, {SIG_IGN}, {SIG_IGN}, 8) = 0
rt_sigaction(SIGQUIT, {SIG_IGN}, {SIG_IGN}, 8) = 0
rt_sigaction(SIGALRM, {0x8082714, [HUP INT ILL TRAP ABRT BUS FPE USR1 SEGV USR2 PIPE ALRM TERM XCPU XFSZ VTALRM UNUSED], 0x4000000}, {0x80b2290, [], 0x4000000}, 8) = 0
rt_sigaction(SIGTSTP, {SIG_IGN}, {SIG_IGN}, 8) = 0
rt_sigaction(SIGTTOU, {SIG_IGN}, {SIG_IGN}, 8) = 0
rt_sigaction(SIGTTIN, {SIG_IGN}, {SIG_IGN}, 8) = 0
rt_sigaction(SIGWINCH, {0x80753d0, [], 0x4000000}, {0x80b2314, [], 0x4000000}, 8) = 0
rt_sigaction(SIGINT, {0x8082790, [], 0x4000000}, {0x8082790, [], 0x4000000}, 8) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [32], 8) = 0
rt_sigaction(SIGINT, {0x8082790, [], 0x4000000}, {0x8082790, [], 0x4000000}, 8) = 0
time(NULL) = 1013724277
rt_sigaction(SIGINT, {0x8082790, [], 0x4000000}, {0x8082790, [], 0x4000000}, 8) = 0
rt_sigprocmask(SIG_BLOCK, [INT], [32], 8) = 0
ioctl(0, 0x5413, {ws_row=47, ws_col=142, ws_xpixel=0, ws_ypixel=0}) = 0
ioctl(0, 0x5414, {ws_row=47, ws_col=142, ws_xpixel=0, ws_ypixel=0}) = 0
ioctl(0, 0x5401, {B38400 opost isig icanon echo ...}) = 0
ioctl(0, 0x5403, {B38400 opost isig -icanon -echo ...}) = 0
rt_sigprocmask(SIG_SETMASK, [32], NULL, 8) = 0
rt_sigaction(SIGINT, {0x80b2290, [], 0x4000000}, {0x8082790, [], 0x4000000}, 8) = 0
rt_sigaction(SIGTERM, {0x80b2290, [], 0x4000000}, {SIG_IGN}, 8) = 0
rt_sigaction(SIGTERM, {SIG_IGN}, {0x80b2290, [], 0x4000000}, 8) = 0
rt_sigaction(SIGQUIT, {0x80b2290, [], 0x4000000}, {SIG_IGN}, 8) = 0
rt_sigaction(SIGQUIT, {SIG_IGN}, {0x80b2290, [], 0x4000000}, 8) = 0
rt_sigaction(SIGALRM, {0x80b2290, [], 0x4000000}, {0x8082714, [HUP INT ILL TRAP ABRT BUS FPE USR1 SEGV USR2 PIPE ALRM TERM XCPU XFSZ VTALRM UNUSED], 0x4000000}, 8) = 0
rt_sigaction(SIGTSTP, {0x80b2290, [], 0x4000000}, {SIG_IGN}, 8) = 0
rt_sigaction(SIGTSTP, {SIG_IGN}, {0x80b2290, [], 0x4000000}, 8) = 0
rt_sigaction(SIGTTOU, {0x80b2290, [], 0x4000000}, {SIG_IGN}, 8) = 0
rt_sigaction(SIGTTOU, {SIG_IGN}, {0x80b2290, [], 0x4000000}, 8) = 0
rt_sigaction(SIGTTIN, {0x80b2290, [], 0x4000000}, {SIG_IGN}, 8) = 0
rt_sigaction(SIGTTIN, {SIG_IGN}, {0x80b2290, [], 0x4000000}, 8) = 0
rt_sigaction(SIGWINCH, {0x80b2314, [], 0x4000000}, {0x80753d0, [], 0x4000000}, 8) = 0
write(2, "\33[01;31mjambalaia \33[01;34marno #"..., 38^[[01;31mjambalaia ^[[01;34marno # ^[[00m) = 38
rt_sigprocmask(SIG_BLOCK, NULL, [32], 8) = 0
read(0, "\33", 1) = 1
read(0, "O", 1) = 1
read(0, "A", 1) = 1
write(2, "exit", 4exit) = 4
rt_sigprocmask(SIG_BLOCK, NULL, [32], 8) = 0
read(0, "\33", 1) = 1
read(0, "O", 1) = 1
read(0, "B", 1) = 1
write(2, "\10\10\10\10\33[K", 7\b\b\b\b^[[K) = 7
rt_sigprocmask(SIG_BLOCK, NULL, [32], 8) = 0
read(0, "v", 1) = 1
write(2, "v", 1v) = 1
rt_sigprocmask(SIG_BLOCK, NULL, [32], 8) = 0
read(0, "i", 1) = 1
write(2, "i", 1i) = 1
rt_sigprocmask(SIG_BLOCK, NULL, [32], 8) = 0
read(0, " ", 1) = 1
write(2, " ", 1 ) = 1
rt_sigprocmask(SIG_BLOCK, NULL, [32], 8) = 0
read(0, "o", 1) = 1
write(2, "o", 1o) = 1
rt_sigprocmask(SIG_BLOCK, NULL, [32], 8) = 0
read(0, "u", 1) = 1
write(2, "u", 1u) = 1
rt_sigprocmask(SIG_BLOCK, NULL, [32], 8) = 0
read(0, "t", 1) = 1
write(2, "t", 1t) = 1
rt_sigprocmask(SIG_BLOCK, NULL, [32], 8) = 0
read(0, "\r", 1) = 1
write(2, "\n", 1
) = 1
rt_sigprocmask(SIG_BLOCK, [INT], [32], 8) = 0
ioctl(0, 0x5403, {B38400 opost isig icanon echo ...}) = 0
rt_sigprocmask(SIG_SETMASK, [32], NULL, 8) = 0
rt_sigaction(SIGINT, {0x8082790, [], 0x4000000}, {0x80b2290, [], 0x4000000}, 8) = 0
rt_sigaction(SIGTERM, {SIG_IGN}, {SIG_IGN}, 8) = 0
rt_sigaction(SIGQUIT, {SIG_IGN}, {SIG_IGN}, 8) = 0
rt_sigaction(SIGALRM, {0x8082714, [HUP INT ILL TRAP ABRT BUS FPE USR1 SEGV USR2 PIPE ALRM TERM XCPU XFSZ VTALRM UNUSED], 0x4000000}, {0x80b2290, [], 0x4000000}, 8) = 0
rt_sigaction(SIGTSTP, {SIG_IGN}, {SIG_IGN}, 8) = 0
rt_sigaction(SIGTTOU, {SIG_IGN}, {SIG_IGN}, 8) = 0
rt_sigaction(SIGTTIN, {SIG_IGN}, {SIG_IGN}, 8) = 0
rt_sigaction(SIGWINCH, {0x80753d0, [], 0x4000000}, {0x80b2314, [], 0x4000000}, 8) = 0
rt_sigaction(SIGINT, {0x8082790, [], 0x4000000}, {0x8082790, [], 0x4000000}, 8) = 0
stat64(".", {st_mode=S_IFDIR|0755, st_size=1496, ...}) = 0
stat64("/bin/vi", 0xbffff72c) = -1 ENOENT (No such file or directory)
stat64("/sbin/vi", 0xbffff72c) = -1 ENOENT (No such file or directory)
stat64("/usr/bin/vi", {st_mode=S_IFREG|0755, st_size=2715396, ...}) = 0
stat64("/usr/bin/vi", {st_mode=S_IFREG|0755, st_size=2715396, ...}) = 0
rt_sigprocmask(SIG_BLOCK, [INT CHLD], [32], 8) = 0
fork() = 4561
rt_sigprocmask(SIG_SETMASK, [32], NULL, 8) = 0
rt_sigprocmask(SIG_BLOCK, [CHLD], [32], 8) = 0
rt_sigprocmask(SIG_SETMASK, [32], NULL, 8) = 0
rt_sigprocmask(SIG_BLOCK, [CHLD], [32], 8) = 0
rt_sigaction(SIGINT, {0x80752bc, [], 0x4000000}, {0x8082790, [], 0x4000000}, 8) = 0
wait4(-1, [WIFEXITED(s) && WEXITSTATUS(s) == 0], 0, NULL) = 4561
ioctl(255, 0x5401, 0xbffff838) = -1 ENOTTY (Inappropriate ioctl for device)
rt_sigprocmask(SIG_BLOCK, [CHLD TTOU], [CHLD 32], 8) = 0
rt_sigprocmask(SIG_SETMASK, [CHLD 32], NULL, 8) = 0
rt_sigprocmask(SIG_BLOCK, [CHLD], [CHLD 32], 8) = 0
rt_sigprocmask(SIG_SETMASK, [CHLD 32], NULL, 8) = 0
rt_sigprocmask(SIG_SETMASK, [32], NULL, 8) = 0
--- SIGCHLD (Child exited) ---
wait4(-1, 0xbffff518, WNOHANG, NULL) = -1 ECHILD (No child processes)
sigreturn() = ? (mask now [])
rt_sigaction(SIGINT, {0x8082790, [], 0x4000000}, {0x80752bc, [], 0x4000000}, 8) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [32], 8) = 0
rt_sigaction(SIGINT, {0x8082790, [], 0x4000000}, {0x8082790, [], 0x4000000}, 8) = 0
time(NULL) = 1013725802
stat64("/home/arno/unknown/root", 0xbffff19c) = -1 ENOENT (No such file or directory)
time(NULL) = 1013725802
rt_sigprocmask(SIG_BLOCK, [CHLD TTOU], [32], 8) = 0
rt_sigprocmask(SIG_SETMASK, [32], NULL, 8) = 0
rt_sigprocmask(SIG_BLOCK, [CHLD], [32], 8) = 0
rt_sigprocmask(SIG_SETMASK, [32], NULL, 8) = 0
rt_sigaction(SIGINT, {0x8082790, [], 0x4000000}, {0x8082790, [], 0x4000000}, 8) = 0
rt_sigprocmask(SIG_BLOCK, [INT], [32], 8) = 0
ioctl(0, 0x5413, {ws_row=47, ws_col=142, ws_xpixel=0, ws_ypixel=0}) = 0
ioctl(0, 0x5414, {ws_row=47, ws_col=142, ws_xpixel=0, ws_ypixel=0}) = 0
ioctl(0, 0x5401, {B38400 opost isig icanon echo ...}) = 0
ioctl(0, 0x5403, {B38400 opost isig -icanon -echo ...}) = 0
rt_sigprocmask(SIG_SETMASK, [32], NULL, 8) = 0
rt_sigaction(SIGINT, {0x80b2290, [], 0x4000000}, {0x8082790, [], 0x4000000}, 8) = 0
rt_sigaction(SIGTERM, {0x80b2290, [], 0x4000000}, {SIG_IGN}, 8) = 0
rt_sigaction(SIGTERM, {SIG_IGN}, {0x80b2290, [], 0x4000000}, 8) = 0
rt_sigaction(SIGQUIT, {0x80b2290, [], 0x4000000}, {SIG_IGN}, 8) = 0
rt_sigaction(SIGQUIT, {SIG_IGN}, {0x80b2290, [], 0x4000000}, 8) = 0
rt_sigaction(SIGALRM, {0x80b2290, [], 0x4000000}, {0x8082714, [HUP INT ILL TRAP ABRT BUS FPE USR1 SEGV USR2 PIPE ALRM TERM XCPU XFSZ VTALRM UNUSED], 0x4000000}, 8) = 0
rt_sigaction(SIGTSTP, {0x80b2290, [], 0x4000000}, {SIG_IGN}, 8) = 0
rt_sigaction(SIGTSTP, {SIG_IGN}, {0x80b2290, [], 0x4000000}, 8) = 0
rt_sigaction(SIGTTOU, {0x80b2290, [], 0x4000000}, {SIG_IGN}, 8) = 0
rt_sigaction(SIGTTOU, {SIG_IGN}, {0x80b2290, [], 0x4000000}, 8) = 0
rt_sigaction(SIGTTIN, {0x80b2290, [], 0x4000000}, {SIG_IGN}, 8) = 0
rt_sigaction(SIGTTIN, {SIG_IGN}, {0x80b2290, [], 0x4000000}, 8) = 0
rt_sigaction(SIGWINCH, {0x80b2314, [], 0x4000000}, {0x80753d0, [], 0x4000000}, 8) = 0
write(2, "\33[01;31mjambalaia \33[01;34marno #"..., 38^[[01;31mjambalaia ^[[01;34marno # ^[[00m) = 38
rt_sigprocmask(SIG_BLOCK, NULL, [32], 8) = 0
read(0, <unfinished ...>
[-- Attachment #3: su --]
[-- Type: application/octet-stream, Size: 19192 bytes --]
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2002-02-16 23:34 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2002-02-16 23:32 [gentoo-dev] su generates strange files called "1" Arno Wilhelm
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox