[RndTbl] weird a.out in /var/log/httpd
Trevor Cordes
trevor at tecnopolis.ca
Mon Jan 5 17:33:35 CST 2015
Uh oh. Finding an a.out in your /var/log/httpd doesn't instill
a warm fuzzy feeling.
I have ~ 4k a.out there dated Oct 12, which unfortunately is just past
my logrotate cutoff now, so I can't check access.log (drat) without
hitting the (hard to hit) backups.

    file a.out
    a.out: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV),
    dynamically linked (uses shared libs), not stripped

I fired up a live-cd linux with no disks or net attached to try to run
it (I put it on a usb stick). But when I do, *the shell* returns ENOENT
and won't run. I tried ./a.out. I tried moving it to a fs that
shouldn't be mounted noexec. I tried strace a.out and strace ./a.out
and strace shows only the exec attempt and the error print and quit.
Huh? How can I get this thing to run?
Any way to see what it is doing? Disassemble? It is not stripped, so
gdb? How can I step-run it from the start (i.e. nothing executes until I
step)?
What else to do with this file?
I'll see if I can dig up the access.log from that date and get more
details.
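
One way to look at the file without executing it, as an added example that is not part of the original post: read the ELF program headers for the loader (PT_INTERP) the binary requests and check whether that path exists on the analysis system. execve(2) documents ENOENT for a missing ELF interpreter; whether that is the cause here is an assumption, and `elf_interp`, `loader_check` and the constructed `sample_elf32` input are names made up for this example.

```python
import os
import struct

def elf_interp(data):
    """Return the PT_INTERP (program interpreter) path, or None if absent."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    is64 = data[4] == 2                    # EI_CLASS: 1 = 32-bit, 2 = 64-bit
    end = "<" if data[5] == 1 else ">"     # EI_DATA: 1 = LSB, 2 = MSB
    if is64:
        (e_phoff,) = struct.unpack_from(end + "Q", data, 0x20)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 0x36)
    else:
        (e_phoff,) = struct.unpack_from(end + "I", data, 0x1C)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 0x2A)
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        (p_type,) = struct.unpack_from(end + "I", data, off)
        if p_type != 3:                    # 3 = PT_INTERP
            continue
        # p_offset and p_filesz sit at different offsets in the 32/64-bit phdr
        fmt, skip = ("QQQQ", 8) if is64 else ("IIII", 4)
        p_offset, _, _, p_filesz = struct.unpack_from(end + fmt, data, off + skip)
        return data[p_offset:p_offset + p_filesz].rstrip(b"\0").decode("ascii", "replace")
    return None

def loader_check(data, root="/"):
    """Return (interp, present): the requested loader and whether root has it."""
    interp = elf_interp(data)
    if interp is None:
        return (None, True)                # no PT_INTERP, so no loader needed
    return (interp, os.path.exists(os.path.join(root, interp.lstrip("/"))))

def sample_elf32(interp=b"/lib/ld-linux.so.2\0"):
    """Constructed input: minimal ELF32/i386 header plus one PT_INTERP phdr."""
    ehdr = b"\x7fELF\x01\x01\x01" + bytes(9) + struct.pack(
        "<HHIIIIIHHHHHH", 2, 3, 1, 0, 52, 0, 0, 52, 32, 1, 0, 0, 0)
    phdr = struct.pack("<IIIIIIII", 3, 84, 0, 0, len(interp), len(interp), 4, 1)
    return ehdr + phdr + interp

if __name__ == "__main__":
    interp, present = loader_check(sample_elf32())
    print(interp, "present" if present else "missing: execve() returns ENOENT")
```

To check a real file, pass `open(path, "rb").read()` to `loader_check`, with `root` set to the mount point of the system the binary would run on.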