Re: [TCLUG:12706] VENIX

To: tclug-list@mn-linux.org
Subject: Re: [TCLUG:12706] VENIX
From: Christopher Palmer <reid@pconline.com>
Date: Fri, 21 Jan 2000 16:57:20 -0600 (CST)
In-Reply-To: <Pine.LNX.4.20.0001211641380.7521-100000@dmitri.bitstream.net>
Reply-To: chrisp@innerfireworks.com

On Fri, 21 Jan 2000, Dan Debertin wrote:

> > You speak as if from experience...? I might have to be real impressed,
> > and then come over and bug you for fun stories. :)
> 
> Yup. Every time tripwire reports that something weird like 'du' or 'ls'
> has changed on a system, I pull out truss, strings and hexedit and have at
> it. Sometimes it turns out to be benign .... other times it's something
> like 'ooh look, what might open("/etc/shadow", O_RDONLY) be doing in the
> 'ls' program??'

heh :) My hat's off, man. So what, do real function calls show up when you
look at a bin with one of those tools? Seems unlikely. And where can I
get hexedit -- is that standard? I see here truss is showing that kind of
thing in its output. Fun.

--
Christopher Reid Palmer : www.innerfireworks.com

Let go of the hangers-on.

Follow-Ups:
- Re: [TCLUG:12706] VENIX
  - From: Dan Debertin <danield@bitstream.net>
- Re: [TCLUG:12706] VENIX
  - From: Troy Johnson <john1536@tc.umn.edu>

References:
- Re: [TCLUG:12706] VENIX
  - From: Dan Debertin <danield@bitstream.net>

Prev by Date: Re: [TCLUG:12721] Re: [OT] 4-channel MP3/CD-audio?
Next by Date: Re: [TCLUG:12706] VENIX
Prev by thread: Re: [TCLUG:12706] VENIX
Next by thread: Re: [TCLUG:12706] VENIX
Index(es):
- Date
- Thread