Hi, On Thu, 2003-05-22 at 01:31, Jure Pecar wrote: > My theory goes like this: > > There is some fundamental flaw in the linux kernel that can be triggered by > some foo file. What exactly would foo stand here i don't know (yet). I'm > sure to save the maildrop directory when this happens next time :) I can't see any evidence of that. Your box[es] appear to be compromised with a rootkit, as near as I can tell. The asm that oopsed is garbage; the return address on the stack is right after the indirection call in system_call(). So somebody has patched the system call table to point to a module, but the module is bogus. Either you are loading a buggy (and very badly behaved) module deliberately, or there's a rootkit on the box. Oh, and tripwire isn't enough to verify your system --- most rootkits have the ability to hide the files that they modify from user-space programs. You really need to verify the box from a standalone rescue CD boot to eliminate that possibility. Cheers, Stephen _______________________________________________ Ext3-users@redhat.com https://www.redhat.com/mailman/listinfo/ext3-users
