On 5/19/23, Schwibinger Michael <h...@hotmail.com> wrote: > Good afternoon > > I did the update and > when doing new start: > Crash
Hi, Sophie.. While you're waiting for others to respond, am typing to say I just went through this a couple days ago. Our situations are all so different so this is a recap of what happened for me. In *my* case, something unknown changed a BUNCH of (but not all) top level root directory permissions. I found out by accident while trying to mitigate the first errors I encountered. At some point, systemd was referenced and was freaking out that it had lost permissions. That's when I ran "ls -ld /*" and received e.g.: lrwxrwxrwx 1 root root 7 Feb 11 14:26 /bin -> usr/bin drwxr-xr-x 4 1001 1001 4096 May 17 05:47 /boot drwxr-xr-x 11 root root 36864 Feb 12 14:17 /dev drwxr-xr-x 125 1001 1001 12288 May 16 22:12 /etc drwxr-xr-x 5 1001 1001 4096 Apr 14 02:39 /home lrwxrwxrwx 1 root root 7 Feb 11 14:26 /lib -> usr/lib lrwxrwxrwx 1 root root 9 Feb 11 14:26 /lib32 -> usr/lib32 lrwxrwxrwx 1 root root 9 Feb 11 14:26 /lib64 -> usr/lib64 lrwxrwxrwx 1 root root 10 Feb 11 14:26 /libx32 -> usr/libx32 drwx------ 2 1001 1001 16384 Feb 9 20:57 /lost+found drwxr-xr-x 4 1001 1001 4096 Apr 21 20:52 /media drwxr-xr-x 10 1001 1001 4096 May 16 16:27 /mnt drwxr-xr-x 3 1001 1001 4096 Feb 26 16:44 /opt drwxr-xr-x 2 root root 4096 Oct 3 2022 /proc drwx------ 8 root 1001 4096 May 16 22:19 /root 1001 is the username I was on when the incident occurred. That /root change is odd because it only changed one of them. Even odder is how whatever did this made only partial permission changes instead of altering all child directories under the top level parent "/" directory. First sign something was wrong was that I suddenly couldn't log onto the Internet. Prior to that, everything else worked as expected. Then I rebooted and landed at an "sh" prompt. A second or third reboot landed at that dreaded kernel panic screen that only shuts down for me by punching the hardware ON/OFF button. I had also done an update/upgrade a few hours before. Newest program added was Einstein after a different Debian-User thread reminded me it exists. In case it helps narrow down a culprit, the last four apt-get actions I performed between 2023.05.15 and 2023.05.16 are: ++++ START SNIPPETS FROM /var/log/apt/history.log ++++ Upgrade: libgsl27:amd64 (2.7.1+dfsg-3+b1, 2.7.1+dfsg-4), libgslcblas0:amd64 (2.7.1+dfsg-3+b1, 2.7.1+dfsg-4) Install: libsdl-mixer1.2:amd64 (1.2.12-17+b3, automatic), libsdl-ttf2.0-0:amd64 (2.0.11-6, automatic), einstein:amd64 (2.0.dfsg.2-10+b1), libmikmod3:amd64 (3.3.11.1-7, automatic) Upgrade: libcap2-bin:amd64 (1:2.66-3, 1:2.66-4), grub-pc-bin:amd64 (2.06-12, 2.06-13), libcap2:amd64 (1:2.66-3, 1:2.66-4), grub-efi-amd64-bin:amd64 (2.06-12, 2.06-13), grub2-common:amd64 (2.06-12, 2.06-13), grub-common:amd64 (2.06-12, 2.06-13), grub-pc:amd64 (2.06-12, 2.06-13) Upgrade: google-chrome-stable:amd64 (113.0.5672.92-1, 113.0.5672.126-1), libtbbbind-2-5:amd64 (2021.8.0-1, 2021.8.0-2), libtbbmalloc2:amd64 (2021.8.0-1, 2021.8.0-2), libtbb12:amd64 (2021.8.0-1, 2021.8.0-2) ++++ END SNIPPETS FROM /var/log/apt/history.log ++++ The affected partition is still here, but I didn't have time for fighting with it. I debootstrap'ed onto another partition, installed a ton of favorite programs (not Einstein), ran "ls -ld /*" on the new partition, and all has been well... So far. PS I reported this exact kind of thing to Debian Security a number of years ago. I was "blown off", shown the cyber door. The PRIVATE email I sent them had explained the situation two different ways to help expedite their receiving end's grasp of the repeatedly reproducible direness of what happened. In last year or so, someone else got credit for reporting a part of the same thing I reported years ago. I don't remember what was left out, but whatever it was, someone else has possibly figured it out... so that it's not just Adobe perping it this time. And they're perping it in a different way. Adobe had gone straight down the line and changed everything directly under "/" to a third party username. No root, no 1001 for that one back then. Cindy :) -- Talking Rock, Pickens County, Georgia, USA * runs with birdseed *