Bug 517325
Summary: | Suspected malware on a recent Fedora 11 DVD ISO | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Martin Gregorie <martin> |
Component: | distribution | Assignee: | Bill Nottingham <notting> |
Status: | CLOSED WORKSFORME | QA Contact: | Bill Nottingham <notting> |
Severity: | high | Docs Contact: | |
Priority: | low | ||
Version: | 11 | CC: | bressers, dcantrell, maurizio.antillon, robatino, rvokal |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | i386 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2010-01-20 20:03:19 UTC | Type: | --- |
Description
Martin Gregorie
2009-08-13 14:15:52 UTC
Try using the rawread script from http://www.troubleshooters.com/linux/coasterless.htm to check the checksum on the disc as follows:

    ./rawread /dev/dvd | sha256sum

and compare with the correct value, which for Fedora-11-i386-DVD.iso is

    6e812e782e52b536c0307bb26b3c244e1c42b644235f5a4b242786b1ef375358

Or if you still have the ISO on the HD, just run sha256sum on that. The mediacheck only protects against natural corruption, not a deliberate fake (which is why I always download the signed CHECKSUM file and run gpg --verify on it).

I found a rawread script (it runs isoinfo and passes those parameters to dd) and generated the checksum as requested. It's the same as the one you posted.

Do you have a screenshot of the "hammer"?

Unfortunately, no, I don't have a screen shot. The icon was a white portrait-style rectangle, possibly with a thin black border. It contained 3-4 lines, each containing black ones and zeros. I called it 'hammer' because that was the icon caption.

    [andre@compaq-pc tmp]$ strings Fedora-11-i386-DVD.iso | grep hammer
    - Stop hammering stuff on update of chroot environment
    - Stop hammering stuff on update of chroot environment
    - Stop hammering stuff on update of chroot environment
    - Stop hammering stuff on update of chroot environment
    hammerlock.py
    hammerlock.pyc
    hammerlock.pyo
    drm-i915-apply-a-big-hammer-to-865-gem-object.patch
    drm-i915-apply-a-big-hammer-to-865-gem-object.patch
    drm-i915-apply-a-big-hammer-to-865-gem-object.patch
    hammerhead
    /usr/src/kernels/2.6.29.4-167.fc11.i686.PAE/arch/avr32/boards/hammerhead/
    drm-i915-apply-a-big-hammer-to-865-gem-object.patch
    hammerhead
    /usr/src/kernels/2.6.29.4-167.fc11.i586/arch/avr32/boards/hammerhead/
    drm-i915-apply-a-big-hammer-to-865-gem-object.patch
    drm-i915-apply-a-big-hammer-to-865-gem-object.patch
    - merge changes in from -6hammer
    - merge changes in from -6hammer
    - fix mysql_config on hammer
    - fix mysql_config on hammer
    - fix mysql_config on hammer
    - fix mysql_config on hammer
    - Merge in hammer changes, rebuild
    - Merge in hammer changes, rebuild
    - Merge in hammer changes, rebuild
    Elliot Lee <sopwith> 0.9.6b-29hammer.3
    - Merge fixes from previous hammer packages, including general x86-64 and
    Elliot Lee <sopwith> 0.9.6b-29hammer.3
    - Merge fixes from previous hammer packages, including general x86-64 and
    Elliot Lee <sopwith> 0.9.6b-29hammer.3
    - Merge fixes from previous hammer packages, including general x86-64 and
    - hammer events revised.
    hammer
    /usr/share/oprofile/x86-64/hammer/
    - hammer events revised.
    Jeremy Katz <katzj> 1.4.24-6hammer
    hammer.png
    - Merged patch from Karsten Hopp <karsten> from 2.2.1-17hammer to
    - Merged patch from Karsten Hopp <karsten> from 2.2.1-17hammer to
    - Merged patch from Karsten Hopp <karsten> from 2.2.1-17hammer to
    Than Ngo <than> 3.0.5-17hammer
    Than Ngo <than> 3.0.5-17hammer
    Than Ngo <than> 3.0.5-17hammer
    - Fix leaking fd for loadkeys with a big hammer (#501368)
    - Merge changes from 8.0-hammer
    - Merged patch from Karsten Hopp <karsten> from 2.2.1-17hammer to
    Phil Knirsch <pknirsch> 2.11r-10hammer.3
    Elliot Lee <sopwith> 2.11r-10hammer.2
    Than Ngo <than> 2.11r-10hammer.1
    Bernhard Rosenkraenzer <bero> 2.11r-10hammer
    - Port to hammer
    [andre@compaq-pc tmp]$

It would make the most sense for you to re-install F11, and not restore anything. It is more likely this is an issue with something in your home directory and not F11.

I'd respectfully disagree with that. I've never written or installed anything resembling this hammer thing. In any case, if it was crud that came in with the /home restore, why hasn't it affected F10?

There is nothing in ~/bin in my usual login directory apart from a script wrapper for diff and the hammering started before I'd got round to adding the symlink to /usr/local/bin. After a fresh install I delete the /usr/local structure and replace it with a symlink to /home/local. However, in this case the hammering started before I'd done anything except the /home restore and trying to get the network up in order to run 'yum upgrade' - this is normally the first thing I do after a clean install. In this case I wanted to restore the /home partition before running yum. Doing stuff in this order was intended to leave my new disk as it would have been if the clean install was to an older disk. Normally /home is already there because this partition is never reformatted.

Sorry about the delayed response. I'm not sure what to say here - this is the only report we've seen anywhere, and we have an install base of many many thousands. Furthermore, we can't reproduce this. At the moment, I don't think we have any other course than to close this as WORKSFORME.
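The disc check discussed in the thread (take the image size from the ISO 9660 volume descriptor, read exactly that many bytes from the medium, hash them, compare with the CHECKSUM entry), written out in Python as an added example; it is not the rawread script and not code from the bug report. The function names are hypothetical, and it assumes a 2048-byte-sector ISO 9660 image and a sha256sum-format CHECKSUM file whose signature has already been checked with gpg --verify.

```python
import hashlib
import struct
import sys

SECTOR = 2048              # ISO 9660 sector size
PVD_OFFSET = 16 * SECTOR   # the Primary Volume Descriptor sits in sector 16

def iso_image_length(f):
    """Image length in bytes, as declared in the Primary Volume Descriptor."""
    f.seek(PVD_OFFSET)
    pvd = f.read(SECTOR)
    if len(pvd) < SECTOR or pvd[0] != 1 or pvd[1:6] != b"CD001":
        raise ValueError("no ISO 9660 primary volume descriptor in sector 16")
    (blocks,) = struct.unpack_from("<I", pvd, 80)        # volume space size
    (block_size,) = struct.unpack_from("<H", pvd, 128)   # logical block size
    return blocks * block_size

def sha256_of_image(path, chunk=1 << 20):
    """Hash only the declared image, not trailing sectors the drive returns."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        remaining = iso_image_length(f)
        f.seek(0)
        while remaining:
            data = f.read(min(chunk, remaining))
            if not data:
                raise OSError("medium is shorter than the declared image")
            digest.update(data)
            remaining -= len(data)
    return digest.hexdigest()

def expected_digest(checksum_text, name):
    """Find `name` in sha256sum-format lines ("<hex> *<name>")."""
    for line in checksum_text.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[1].lstrip("*") == name:
            return parts[0].lower()
    raise KeyError(name)

if __name__ == "__main__":
    # Arguments: DEVICE_OR_ISO CHECKSUM_FILE ISO_NAME. Run `gpg --verify` on
    # the CHECKSUM file first; this code does not check the signature.
    device, checksum_file, iso_name = sys.argv[1:4]
    with open(checksum_file) as fh:
        want = expected_digest(fh.read(), iso_name)
    got = sha256_of_image(device)
    sys.exit(0 if got == want else f"MISMATCH: read {got}, expected {want}")
```

A matching digest shows the disc carries the same bytes as the published image; it says nothing about files restored onto the system afterwards.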