View previous topic :: View next topic |
Author |
Message |
vipul n00b
Joined: 29 Mar 2003 Posts: 1
|
Posted: Sat Mar 29, 2003 3:39 am Post subject: Portage ate /usr! A trojan? |
|
|
Hi,
I installed gentoo about a week ago and was extremely happy
with it till this evening when emerge nuked my entire /usr
partition and left a file in /usr called "successful" which is
owned by portage.portage.
I need gcc 2.96-98 for compiling one of my projects, so I searched
on google and found a 2.96 ebuld[*]. I studied the ebuild to make
sure it wasn't going to do anything funny, it looked completely harmless,
so I ran emege gcc-2.96.20000731.ebuild. emerge ran for about a minute
without printing out any progress information and then informed
me that gcc-2.96.20000731.ebuild was not found! This was strange
considering that I specified the filename (with correct path) on the
command line and it was obviously doing something with it.
After that I tried to do an ls, and it showed me an empty directory,
which is what happens if a directory is deleted from under you. I
changed to /usr and found everything was missing except two
files ".keep" owned by root and "successful" owned by portage.
I am running reiserfs, but this doesn't seem to be a reiserfs glitch,
and I have no idea what happened, since I can't go back and inspect
/usr. My only guess is that emerge or another part of portage got
trojanned to randomly nuke /usr. If you have any ideas on why
this could have happened, I would very much like to know.
cheers,
vipul.
* ebuild was downloaded from here:
http://filepile.tiscali.de/mirror/gentoo/old/gentoo-x86-portage/sys-devel/gcc/gcc-2.96.20000731.ebuild |
|
Back to top |
|
|
CountZero Tux's lil' helper
Joined: 21 Jan 2003 Posts: 79 Location: Arlington, TX, USA
|
Posted: Sat Mar 29, 2003 5:17 am Post subject: |
|
|
It's always a good idea not to use third party ebuilds. This kinda looks suspicious to me:
Code: | for i in stmtexpr clear-hack loop alpha-addressof regmove-asm cpplib cpp0 canon-cond \
bogus-subreg cp-ii subreg-gcse subregbyte-gcse combine-comparison \
loop-noopt loop-unroll loop-test1 loop-test2 loop-scanloop i386-ashlsilea \
i386-lea lowpart-test loop-noopt2 i386-sibcall cpp-warn wint_t \
format-checking strftime xopen c99 iso-not-ansi sibcall Os-testcase \
java-misc java-bytecode java-pg f-include unroll i386-strops \
simplify-relational alias jsm1 jsm2 jsm3 scanf jsm4 jsm5 jsm6 \
jsm7 jsm8 loop-hack cpp-warnpaste float-condmove i386-call \
i386-call2 i386-call-test i386-arith i386-ge_geu i386-gotoff java-catchup \
java-no-super-layout make-extraction segv1 segv2 sparc-copy-leaf-remappable \
wchar-const libio alpha-tune alpha-unaligned cpp-warnpaste2 loop-giv \
real-value sparc-const-pool sparc64-timode callersave-segv libio-printf_fp \
pt-enum sparc-pic subreg-byte-expmed test-991206-1 alpha-mi-thunk c++-pmf \
f77-fdebug libio-endl i386-compare-test sparc-may-trap sparc-mi-thunk \
c++-inline16-test c++-named-return-value c++-walk-tree i386-reload-test \
i386-reload sibcall-unchanging segv3 c++-crash24 do-store-flag \
i386-address-cost i386-arith2 i386-constraint-N incomplete-aggregate-alias \
sibcall-eh2 cpp-assert-crash c++-undefined-method sparc-4096 \
sparc64-reload-test sparc64-reload2 subreg-byte-operand-subword \
c++-binding-levels c++-static-class c++-testset1 c++-testset2 place-field \
sparc-output-formatting sparc64-mi-thunk sparc64-namedret sparc64-nested-fn \
c++-ice |
I've never seen that in an ebuild before. I cannot tell what exactly happened but I would definitely blame the third party ebuild. |
|
Back to top |
|
|
|
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
|