Found a couple of ecp binaries in /tmp, apparently created concurrent
with an 11.0 x86_64 kernel build. Anyone else seen this? Could they
be related to a "make buildkernel"?
# ls -l /tmp/ecp*
-rw-r--r-- 1 root wheel 4229 Dec 27 06:21 ecp.Aak1ruL8
-rw-r--r-- 1 root wheel 2371 Dec 27 06:21 ecp.8Wba0TzO
# file /tmp/ecp.*
/tmp/ecp.8Wba0TzO: ELF 64-bit LSB relocatable, x86-64, version 1 (SYSV), not
stripped
/tmp/ecp.Aak1ruL8: ELF 64-bit LSB relocatable, x86-64, version 1 (SYSV), not
stripped
# strings /tmp/ecp.Aak1ruL8
belX
__vdso_clock_gettime
__vdso_getcpu
__vdso_gettimeofday
__vdso_time
linux_platform
linux_rt_sigcode
linux_vdso.so.1
LINUX_2.6
x86_64
.symtab
.strtab
.shstrtab
.gnu.hash
.dynsym
.dynstr
.gnu.version
.gnu.version_d
.eh_frame_hdr
.eh_frame
.dynamic
.data
.text
.endrtsigcode
.getip
.startrtsigcode
_DYNAMIC
_GLOBAL_OFFSET_TABLE_
clock_gettime
LINUX_2.6
__vdso_gettimeofday
__vdso_getcpu
gettimeofday
time
getcpu
__vdso_clock_gettime
linux_platform
linux_rt_sigcode
__vdso_time
# strings /tmp/ecp.8Wba0TzO
linux32_rt_sigcode
linux32_sigcode
linux32_vsyscall
linux_platform
linux32_vdso.so.1
LINUX_2.5
i686
.shstrtab
.gnu.hash
.dynsym
.dynstr
.gnu.version
.gnu.version_d
.eh_frame_hdr
.eh_frame
.dynamic
.data
.text
Is there anything else that might trace the origin of these files other
than possibly another buildkernel?
Thanks,
Roger
___
freebsd-security@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
