Binary file created in / with same name as root password, seemingly sporadically

Jonathan Neill TYR124840 at tyler.net
Thu Mar 4 13:11:12 PST 2004


Apologies if this is a stupid question and I should RTFM, but something on 
my FreeBSD-5.1 box is creating a binary file in / with the same name as my 
root password and I was curious as to what exactly this might be. (I 
always SSH into the box as a regular user, then su root to do work.)


FreeBSD localhost 5.1-RELEASE FreeBSD 5.1-RELEASE #2: Sun Feb 29 21:36:25 
CST 2004     jon at localhost:/usr/src/sys/i386/compile/jon  i386


/# cat /etc/rc.conf
sshd_enable="YES"
ifconfig_sis0="DHCP"
inetd_enable="NO"
update_motd="NO"
enable_quotas="NO"
hostname="localhost"


/# ps x
   PID  TT  STAT      TIME COMMAND
     0  ??  DLs    0:00.01  (swapper)
     1  ??  ILs    0:00.17 /sbin/init --
     2  ??  DL     0:00.23  (g_event)
     3  ??  DL     0:02.11  (g_up)
     4  ??  DL     0:11.78  (g_down)
     5  ??  IL     0:00.00  (acpi_task0)
     6  ??  IL     0:00.00  (acpi_task1)
     7  ??  IL     0:00.00  (acpi_task2)
     8  ??  DL     0:00.00  (pagedaemon)
     9  ??  DL     0:00.00  (vmdaemon)
    10  ??  DL     0:00.00  (ktrace)
    11  ??  RL    21:24.98  (idle)
    12  ??  WL     0:02.10  (swi1: net)
    13  ??  WL     0:03.77  (swi7: tty:sio clock)
    15  ??  DL     0:00.94  (random)
    18  ??  WL     0:00.00  (swi6: acpitaskq)
    21  ??  WL     2:38.15  (irq14: ata0)
    23  ??  WL     0:02.39  (irq11: sis0)
    24  ??  WL     0:00.00  (irq6: fdc0)
    31  ??  DL     0:20.40  (pagezero)
    32  ??  DL     0:01.18  (bufdaemon)
    33  ??  DL     0:02.34  (syncer)
    34  ??  DL     0:00.02  (vnlru)
    35  ??  IL     0:00.00  (nfsiod 0)
    36  ??  IL     0:00.00  (nfsiod 1)
    37  ??  IL     0:00.00  (nfsiod 2)
    38  ??  IL     0:00.00  (nfsiod 3)
   114  ??  Is     0:00.00 adjkerntz -i
   185  ??  Is     0:00.00 /sbin/dhclient sis0
   237  ??  Is     0:00.02 /usr/sbin/syslogd -s
   365  ??  Is     0:00.22 /usr/sbin/sshd
   385  ??  Ss     0:00.02 /usr/sbin/cron
   401  ??  Is     0:00.00 /usr/local/sbin/smbd -D
   403  ??  Ss     0:00.14 /usr/local/sbin/nmbd -D
   440  ??  Is     0:00.05 sshd: jon [priv] (sshd)
63211  ??  Is     0:00.04 sshd: jon [priv] (sshd)
   445  p0  I      0:00.02 su root
   446  p0  I      0:00.09 _su (csh)
63808  p1  I+     0:00.00  (sh)
63809  p1  I+     0:00.01  (sh)
63216  p2  I      0:00.02 su root
63217  p2  S      0:00.04 _su (csh)
63874  p2  R+     0:00.00 ps x
   436  v1  Is+    0:00.01 /usr/libexec/getty Pc ttyv1
   437  v2  Is+    0:00.01 /usr/libexec/getty Pc ttyv2
   438  v3  Is+    0:00.01 /usr/libexec/getty Pc ttyv3
   439  v4  Is+    0:00.01 /usr/libexec/getty Pc ttyv4
   435 con  Is+    0:00.01 /usr/libexec/getty Pc console


More information about the freebsd-questions mailing list