Summary: | Virus on installation cd - no one has ever heard of anything like this happening | ||
---|---|---|---|
Product: | Gentoo Release Media | Reporter: | Paul Crinigan <paulc218> |
Component: | Everything | Assignee: | Gentoo Security <security> |
Status: | RESOLVED INVALID | ||
Severity: | critical | CC: | releng |
Priority: | High | ||
Version: | 2005.1 | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
Paul Crinigan
2005-11-12 16:11:18 UTC
Ok, first of all the myth about boot directories within boot directories -- if you do an ls -al /boot you'll see that it contains a symlink like so: boot -> .

In other words, /boot/boot is just a symlink to /boot/ itself. Nothing to worry about there, honest, but yes, you can definitely keep going to 50 times cd'ing into the same place via that symlink.

The handbook's fstab example suggests the noauto option for /boot; if you followed this example you'll have to mount /boot to make the kernels and grub/grub.conf appear.

You haven't provided any info about the cd you are talking about. Which cd image did you burn? Which mirror did you download it from? What md5sum does that image have?

Hi Everyone, I am really sorry for this bug report, I did get rocked by some malware getting on to 3 of my servers and I think that I thought I saw signs of it happening again with a new install. I am 99% sure now that I was wrong about the problem being from Gentoo. I feel pretty dumb about posting it here, I have my own open source shopping cart project and I hate when someone can't figure something out and reports it as a bug.

In my defense, from how I saw things it made sense. The directory that was in /tmp/.initrd/ was where the malware was attacking from and when I saw it was there again I really believed the malware had gotten in to my fresh install. I also didn't understand at that time how to view my boot partition's files, so I thought the kernel images were deleted, which is also what that malware was doing to my system so it wouldn't boot. I had a 1 character typo in my grub.conf so I couldn't boot without the cd, so it all seemed like it was happening again. I also didn't realize that /boot/boot was a symbolic link. So all those inexperienced mistakes made me jump to conclusions, plus the fact that I haven't slept for 3 days and am pretty paranoid now. I think I got my install complete, we'll see in a little while if the server will show web pages.
If anyone knows anything about what hit me or how to prevent it again, please share. I really really appreciate that some of you answered and it seems that if I wasn't resolving this ticket that more of you would have responded in time. So thank you, it's nice knowing there is help when you need it. I really respect the Gentoo project and really enjoy all the great documentation your editors have produced.

I might be a newbie with Linux, but I am a pretty good PHP developer / algorithm writer. I have my own shopping cart software and have written an entire flash website builder (www.amazingflash.com), so if you guys want another developer to help in any way let me know. I like to add to things that truly help the internet. I planned on making myself a command line installer and I have some really nice condensed install steps that work great for me. I have it down to about 15 steps that take up about 3 sheets of paper hand written. So it's short and sweet. Let me know if you guys want it.

Paul

I apologize for the bug spam here, but I'm changing the location of this one to its proper place.

Changing resolution code.
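The two false alarms in this report (a /boot/boot entry that is only a symlink to /boot itself, and a /boot that looks empty because fstab marks it noauto) can be told apart from missing kernels with a few checks. The following shell script is an added example, not part of the original bug thread; the function names, the kernel*/vmlinuz* file patterns and the constructed demo tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the bug report). Paths are passed in so the checks
# can run on a constructed tree; kernel*/vmlinuz* names are an assumption.

# 0 if <root>/boot/boot is a symlink that resolves back to <root>/boot.
boot_symlink_is_self() {
    root=${1%/}
    [ -L "$root/boot/boot" ] || return 1
    target=$(cd -P "$root/boot/boot" 2>/dev/null && pwd -P) || return 1
    self=$(cd -P "$root/boot" 2>/dev/null && pwd -P) || return 1
    [ "$target" = "$self" ]
}

# 0 if the fstab file lists /boot with the noauto option.
boot_is_noauto() {
    awk '$1 !~ /^#/ && $2 == "/boot" {
            n = split($4, opt, ",")
            for (i = 1; i <= n; i++) if (opt[i] == "noauto") found = 1
         }
         END { exit !found }' "$1"
}

# 0 if any kernel image is visible under <root>/boot.
has_kernel_images() {
    for f in "${1%/}"/boot/kernel* "${1%/}"/boot/vmlinuz*; do
        [ -f "$f" ] && return 0
    done
    return 1
}

# Prints a verdict: kernels-present, boot-likely-unmounted or kernels-missing.
triage_boot() {
    if has_kernel_images "$1"; then echo kernels-present
    elif boot_is_noauto "$2"; then echo boot-likely-unmounted
    else echo kernels-missing
    fi
}

# Constructed demo tree: a root whose /boot is an empty, unmounted directory,
# and a stand-in for the mounted boot partition with the "boot -> ." symlink.
demo=$(mktemp -d)
mkdir -p "$demo/rootfs/boot" "$demo/mounted/boot"
printf '/dev/hda1 /boot ext2 noauto,noatime 1 2\n' > "$demo/fstab"
touch "$demo/mounted/boot/kernel-demo"
ln -s . "$demo/mounted/boot/boot"

triage_boot "$demo/rootfs" "$demo/fstab"     # /boot not mounted yet
triage_boot "$demo/mounted" "$demo/fstab"    # after mounting /boot
boot_symlink_is_self "$demo/mounted" && echo "boot/boot is a self-symlink"
```

A boot-likely-unmounted verdict means /boot should be mounted and checked again before concluding that kernel images were deleted.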