[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] Backdoor over http(s)??



Hemsley, Trevor wrote:

...

I've downloaded the rs.c from the web site and it does compile but it generates a 6.5KB executable not the 450KB executable that you have. I don't think rs.c is either all of the code or it's a different program or possibly a much much earlier incarnation of it.
...


You need to copmile it statically & strip to do a real compare. They are not the same:

-r--r--r--    1 kbrannen users      435444 Jan  8 03:49 rhs
-r--r--r--    1 kbrannen users      396716 Jan 13 10:55 rs

rhs: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped rs: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped

Kevin


--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here