Cool! I had no knowledge of this program, but now I've seen something weird: I created the .rpm file with checkinstall, then opened it with file-roller, I can see a directory to be extracted in '/' containing two subdirectories: 'usr' (containing 'local/share/gyachi') and -here comes the weird part- a 'selinux' directory, which contains a 'context' file (a binary file). To explain myself further I'll make a graphic explanation on the contents of the package:
______selinux/context
/----______usr/local/share/gyachi
So, my question is, why a messaging app should write something in the /selinux directory during the installation? It sounds like some sort of virus to me (or some trojan perhaps?). After I noticed this, I issued the command 'ls -la /selinux', and this is what I got:
Code:
[vicente@dyn-1043 ~]$ ls -la /selinux
total 8
drwxr-xr-x 1 root root 0 feb 27 03:30 .
drwxr-xr-x 23 root root 4096 feb 27 07:30 ..
-rw-rw-rw- 1 root root 0 feb 27 03:30 access
dr-xr-xr-x 1 root root 0 feb 27 03:30 avc
dr-xr-xr-x 1 root root 0 feb 27 03:30 booleans
-rw-r--r-- 1 root root 0 feb 27 03:30 checkreqprot
--w------- 1 root root 0 feb 27 03:30 commit_pending_bools
-rw-rw-rw- 1 root root 0 feb 27 03:30 context
-rw-rw-rw- 1 root root 0 feb 27 03:30 create
--w------- 1 root root 0 feb 27 03:30 disable
-rw-r--r-- 1 root root 0 feb 27 03:30 enforce
-rw------- 1 root root 0 feb 27 03:30 load
-rw-rw-rw- 1 root root 0 feb 27 03:30 member
-r--r--r-- 1 root root 0 feb 27 03:30 mls
crw-rw-rw- 1 root root 1, 3 feb 27 03:30 null
-r--r--r-- 1 root root 0 feb 27 03:30 policyvers
-rw-rw-rw- 1 root root 0 feb 27 03:30 relabel
-rw-rw-rw- 1 root root 0 feb 27 03:30 user
[vicente@dyn-1043 ~]$
As you can see, all the contents of the selinux directory seem to have been created today (I reinstalled gyachi today from the source).
As a side note, I downloaded the program from
http://gyachi.sourceforge.net/
So what do you think?? And what should I do now??
Edit: Should I open a new topic in the Security forum??