[csw-maintainers] Anyone ever seen this before?

Roger Håkansson hson at opencsw.org
Wed Mar 11 20:15:46 CET 2009


Philip Brown wrote:
> On Wed, Mar 11, 2009 at 05:37:04AM +0100, Roger H�kansson wrote:
>> On my own sparc build machine, gmd5sum generates a totally different md5 
>> checksum for one file, than my x86 machine and the buildfarm machines.
>> But its only for just one file, with all other files it generates the 
>> same checksum as all other machines...
> 
> errr... if it's a file named like a system utility such as "ls" or
> "file" or some such... it means your machine has been hacked.

No its patch file in a package I'm building.

> Heck, actually, just what you said is kinda proof that it has been hacked.

In normal circumstances I would agree, but in this case it was not 
binaries but a regular textfile within a gar project.
Plus the likelihood that someone could hack in to the solaris host 
(which is actually a x86 one and not a sparc as I wrote in my last mail, 
I was a bit tired), is so utterly small that it was not my first thought 
(even though I'm quite particular regarding security)




It happened again and now I've analyzed the scrollback buffer of my 
ssh-client and I'm starting to think that its a cacheing problem.

04:40 - I run 'svn update' to receive a new version of the patchfile 
plus a new checksums file which indicates that the patchfile should have 
f30f9291f73781869e9d1e3091d8d151 as checksum
04:40 - A 'gmake package' gives a 'failed checksum test', so I run 
'gmake makesum' which tells me that the checksum is 
ea5ddd010782ed77209e2414e5500ec7
04:41 - I run 'gmake package' to build the package which completes 04:44
09:36 - I run 'rm -rf cookies work;gmake package' which tells me 'failed 
checksum test', so I run 'gmake makesum' which tells me that the 
checksum is f30f9291f73781869e9d1e3091d8d151, exactly the same as what 
is should have been at 04:40
12:40 - I make some changes on my sparc build machine which gives me a 
different checksum file and I commit both files again.
12:40 - I run 'svn update' on my x86 machine again to get the new files.
This time the checksum should be eded3e75e8a25acf7922ba0e7593ecb1
12:43 - 'gmake package' fails due to 'failed checksum test'
12:44 - I manually run 'gmd5sum files/mainpatch' which gives me 
eded3e75e8a25acf7922ba0e7593ecb1, just as it should be.
12:45 - I remove the symbolic link in download to files/mainpatch
12:45 - Another 'gmake package' succeeds with no checksum problem.


The x86 "machine" is a Solaris8 running in a vmware server on a centos host.



More information about the maintainers mailing list