Slackware This Forum is for the discussion of Slackware Linux.
01-31-2014, 11:40 AM
|
#1
|
Member
Registered: Oct 2013
Posts: 109
Rep:
|
suspicious a.out file in home directory
hi folks,
from time to time an a.out file appears in my home directory of my slackware64 14.1 box. The owner of this file is my user account. I feel uncomfortable about it and want to ask if anyone knows what's going on here. You can find the gzipped file here:
http://laokoon.in-berlin.de/~heiko/a.out.gz
I checked my system with rkhunter - no errors. If you need more information let me know.
regards,
heiko
|
|
|
01-31-2014, 11:43 AM
|
#2
|
Senior Member
Registered: Nov 2013
Location: Brazil
Distribution: Slackware
Posts: 1,223
Rep: 
|
It happened with me too, I had to remove it like twice and then it never came back again.
|
|
|
01-31-2014, 11:44 AM
|
#3
|
Senior Member
Registered: Aug 2005
Distribution: Slackware, RHEL
Posts: 1,271
|
Perhaps this would be of help?
http://en.wikipedia.org/wiki/A.out
Are you compiling software using your standard user account by any chance?
|
|
|
01-31-2014, 11:55 AM
|
#4
|
Member
Registered: Oct 2013
Posts: 109
Original Poster
Rep:
|
Thanks for the replies.
Quote:
Originally Posted by stormtracknole
|
I know what an a.out file is. I just wonder how it got there. I do compile software with my standard user account, but I have a dedicated build directory. I did not compile anything when this file was created.
|
|
|
01-31-2014, 12:05 PM
|
#5
|
LQ Guru
Registered: May 2005
Location: boston, usa
Distribution: fedora-35
Posts: 5,326
|
this doesn't reveal much:
Code:
[schneidz@hyper ~]$ file a.out
a.out: ELF 64-bit LSB relocatable, x86-64, version 1 (SYSV), not stripped
[schneidz@hyper ~]$ strings a.out
.symtab
.strtab
.shstrtab
.text
.data
.bss
[schneidz@hyper ~]$
has anyone run it on something like a live-usb?
Last edited by schneidz; 01-31-2014 at 12:09 PM.
|
|
|
01-31-2014, 12:16 PM
|
#6
|
Senior Member
Registered: Sep 2009
Location: Yorks. W.R. 167397
Distribution: Slackware
Posts: 1,307
Rep: 
|
It's about as empty as a correctly-formatted ELF file can be. All those sections are empty and define no symbols. It's only "suspicious" for small values of "suspicious"
Code:
$ readelf -a a.out
ELF Header:
Magic: 7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00
Class: ELF64
Data: 2's complement, little endian
Version: 1 (current)
OS/ABI: UNIX - System V
ABI Version: 0
Type: REL (Relocatable file)
Machine: Advanced Micro Devices X86-64
Version: 0x1
Entry point address: 0x0
Start of program headers: 0 (bytes into file)
Start of section headers: 112 (bytes into file)
Flags: 0x0
Size of this header: 64 (bytes)
Size of program headers: 0 (bytes)
Number of program headers: 0
Size of section headers: 64 (bytes)
Number of section headers: 7
Section header string table index: 4
Section Headers:
[Nr] Name Type Address Offset
Size EntSize Flags Link Info Align
[ 0] NULL 0000000000000000 00000000
0000000000000000 0000000000000000 0 0 0
[ 1] .text PROGBITS 0000000000000000 00000040
0000000000000000 0000000000000000 AX 0 0 4
[ 2] .data PROGBITS 0000000000000000 00000040
0000000000000000 0000000000000000 WA 0 0 4
[ 3] .bss NOBITS 0000000000000000 00000040
0000000000000000 0000000000000000 WA 0 0 4
[ 4] .shstrtab STRTAB 0000000000000000 00000040
000000000000002c 0000000000000000 0 0 1
[ 5] .symtab SYMTAB 0000000000000000 00000230
0000000000000060 0000000000000018 6 4 8
[ 6] .strtab STRTAB 0000000000000000 00000290
0000000000000001 0000000000000000 0 0 1
Key to Flags:
W (write), A (alloc), X (execute), M (merge), S (strings), l (large)
I (info), L (link order), G (group), T (TLS), E (exclude), x (unknown)
O (extra OS processing required) o (OS specific), p (processor specific)
There are no section groups in this file.
There are no program headers in this file.
There are no relocations in this file.
The decoding of unwind sections for machine type Advanced Micro Devices X86-64 is not currently supported.
Symbol table '.symtab' contains 4 entries:
Num: Value Size Type Bind Vis Ndx Name
0: 0000000000000000 0 NOTYPE LOCAL DEFAULT UND
1: 0000000000000000 0 SECTION LOCAL DEFAULT 1
2: 0000000000000000 0 SECTION LOCAL DEFAULT 2
3: 0000000000000000 0 SECTION LOCAL DEFAULT 3
No version information found in this file.
$
Perhaps some makefile you're running is a bit broken, or maybe you have a bash alias or script that runs some 'cc' or 'ld' command that is being run accidentally?
|
|
1 members found this post helpful.
|
01-31-2014, 12:33 PM
|
#7
|
Senior Member
Registered: Aug 2005
Distribution: Slackware, RHEL
Posts: 1,271
|
Quote:
Originally Posted by dederon
Thanks for the replies.
I know what an a.out file is. I just wonder how it got there. I do compile software with my standard user account, but I have a dedicated build directory. I did not compile anything when this file was created.
|
I've seen this happen to me before from time to time, but I never figured out what caused it. I am curious to see if you get to the source of this.
|
|
|
01-31-2014, 12:53 PM
|
#8
|
Senior Member
Registered: May 2008
Location: Romania
Distribution: DARKSTAR Linux 2008.1
Posts: 2,727
|
Quickly analyzing this little program with a decompiler, I discovered that it does NOTHING.
A good approximation of its source code is:
Code:
int main() {
    return 0;
}
That glorious in-utility makes me believe that it is just a remnant of a past compilation. More precisely, I believe that somewhere, some time ago, a configure script tried to see if gcc can create an a.out executable, then failed to properly clean up its own dirt...
That's all guys, we can move along. 
Last edited by Darth Vader; 01-31-2014 at 12:59 PM.
|
|
1 members found this post helpful.
|
02-01-2014, 05:20 AM
|
#9
|
Member
Registered: Oct 2013
Posts: 109
Original Poster
Rep:
|
thanks for all your help, i did even learn some things by reading your replies. great.
even though the program won't do any harm to my system i am still worried, as i don't know where this program comes from. i keep an eye on it. thank you.
|
|
|
02-02-2014, 07:24 AM
|
#10
|
Member
Registered: Oct 2013
Posts: 109
Original Poster
Rep:
|
ok, again i found an a.out file in my home directory. i set up a script to watch this directory and, if a.out pops up again, log some data and make some noise:
Code:
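#!/bin/bash
# Watch $HOME; when a.out appears, log system state and beep until stopped.
echo "this program needs xterm!"
xset b on
while inotifywait -e create "$HOME"; do
    if [ -e "$HOME/a.out" ]; then
        date >> log
        echo "---------------" >> log
        # TCP sockets with their owning processes
        /bin/netstat -atp >> log
        echo "---------------" >> log
        # full process list with untruncated command lines
        /usr/bin/ps axww >> log
        echo "---------------" >> log
        # beep every two seconds until interrupted
        while true; do
            echo -ne '\007'
            /usr/bin/sleep 2
        done
    fi
done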
any more ideas what i could do or what kind of system information i should add for logging?
Last edited by dederon; 02-02-2014 at 07:25 AM.
|
|
|
02-02-2014, 10:20 AM
|
#11
|
Senior Member
Registered: Aug 2005
Distribution: Slackware, RHEL
Posts: 1,271
|
A shot in the dark here. What does:
Code:
lsof | grep -i a.out
show?
---------- Post added 02-02-14 at 09:21 AM ----------
Perhaps incorporate that into your script to see if it can catch it in the act.
|
|
|
02-02-2014, 11:24 AM
|
#12
|
Member
Registered: Apr 2010
Location: Geneva - Switzerland ( Bordeaux - France / Montreal - QC - Canada)
Distribution: Slackware 14.2 - 32/64bit
Posts: 609
|
In the same vein as stormtracknole, a way to track this kind of thing would be to write a gcc/g++ hook in bash, to log any call to the compiler...
This hook could even "break" or notify in real time whenever an "a.out" is being built (or on a call without the '-o' flag).
Cheers
Garry.
|
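One way to build the compiler hook suggested in the post above, as an added example that is not part of the thread: a wrapper that records who called the compiler, from where, and whether the call lacks `-o`, then hands over to the real binary. The `~/hookbin` directory, the `HOOK_LOG` variable, the function names and the list of wrapped command names are assumptions made for this sketch.

```shell
#!/bin/bash
# Added example (not from the thread): logging hook for compiler-type commands.
# Assumed setup: symlink this file as ~/hookbin/gcc, ~/hookbin/g++, ... and put
# ~/hookbin first in PATH. ~/hookbin and HOOK_LOG are hypothetical names.
HOOK_LOG="${HOOK_LOG:-$HOME/compiler-hook.log}"

# True when no -o names the output and no -c/-S/-E stops before linking,
# i.e. a gcc-style call that may drop a.out into the current directory.
may_write_a_out() {
    local arg
    for arg in "$@"; do
        case "$arg" in
            -o|-o?*|-c|-S|-E) return 1 ;;
        esac
    done
    return 0
}

# Print the first executable named $1 on PATH that is not the hook file $2.
real_binary() {
    local name="$1" self="$2" dir cand IFS=:
    for dir in $PATH; do
        cand="${dir:-.}/$name"
        if [ -f "$cand" ] && [ -x "$cand" ] && [ ! "$cand" -ef "$self" ]; then
            printf '%s\n' "$cand"
            return 0
        fi
    done
    return 1
}

# Append one line: time, tag, working directory, parent process, command line.
log_call() {
    local name="$1" tag=ok
    shift
    if may_write_a_out "$@"; then tag=DEFAULT-OUTPUT; fi
    printf '%s %s cwd=%s ppid=%s parent=[%s] cmd=%s %s\n' \
        "$(date '+%F %T')" "$tag" "$PWD" "$PPID" \
        "$(ps -o args= -p "$PPID" 2>/dev/null)" "$name" "$*" >> "$HOOK_LOG"
}

# Act as a hook only when invoked under one of the wrapped names.
name=${0##*/}
case "$name" in
    gcc|g++|cc|c++|ld|as)
        log_call "$name" "$@"
        real=$(real_binary "$name" "$0") || exit 127
        exec "$real" "$@" ;;
esac
```

Lines tagged `DEFAULT-OUTPUT` with `cwd=` set to the home directory are the ones to look at; the `parent=[...]` field names the process that launched the compiler.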
|
|
02-03-2014, 09:16 AM
|
#13
|
Member
Registered: Oct 2013
Posts: 109
Original Poster
Rep:
|
Quote:
Originally Posted by stormtracknole
Perhaps incorporate that into your script to see if it can catch it in the act.
|
in the first version of my script i logged the output of , but some tests revealed that it wouldn't print anything. it won't hurt, so i put the "lsof" line into my script.
|
|
|
02-03-2014, 09:28 AM
|
#14
|
Senior Member
Registered: Aug 2005
Distribution: Slackware, RHEL
Posts: 1,271
|
Quote:
Originally Posted by dederon
in the first version of my script i logged the output of , but some tests revealed that it wouldn't print anything. it won't hurt, so i put the "lsof" line into my script.
|
Great! Keep us updated if you can.
|
|
|
02-03-2014, 09:32 AM
|
#15
|
LQ 5k Club
Registered: Jan 2006
Location: Oldham, Lancs, England
Distribution: Slackware64 15; SlackwareARM-current (aarch64); Debian 12
Posts: 8,311
Rep: 
|
Looks like something has been testing the compiler, like the test at the end of version-check.sh from LFS:
Code:
echo 'main(){}' > dummy.c && g++ -o dummy dummy.c
if [ -x dummy ]
then echo "g++ compilation OK";
else echo "g++ compilation failed"; fi
rm -f dummy.c dummy
|
|
|
All times are GMT -5. The time now is 10:23 AM.