Since yesterday, my login messages now include a complaint that I've tracked down to a silly-looking entry in /etc/bash_completion.d:
lrwxrwxrwx 1 root root * *22 2010-09-24 08:08 bash_completion.d -> /etc/bash_completion.d

The date says it was put in yesterday when I was actually at that machine. *I recall installing one or two packages about then,but I was also doing a small number of other root chores. *But I don't normally do anything with completions manually.

I've removed this recursive link, and all is well, but I wonder just a little if I did it to myself, or if this has happened to anyone else.
It doesn't look particularly dangerous, just annoying, so I don't really think it's an exploit as such.

The apt logs show only these installs in the last two days:
Start-Date: 2010-09-23 *07:54:58Upgrade: bzip2 (1.0.5-4, 1.0.5-4ubuntu0.1), libbz2-1.0 (1.0.5-4, 1.0.5-4ubuntu0.1), gnome-terminal (2.29.6-0ubuntu5, 2.30.2-0ubuntu1), adobe-flashplugin (10+++ *.1.82.76-1lucid1, 10.1.85.3-1lucid1), dpkg (1.15.5.6ubuntu4.1, 1.15.5.6ubuntu4.3), gnome-terminal-data (2.29.6-0ubuntu5, 2.30.2-0ubuntu1)
End-Date: 2010-09-23 *07:55:09
Start-Date: 2010-09-24 *08:11:15Install: realpath (1.15build1)End-Date: 2010-09-24 *08:11:17
Start-Date: 2010-09-24 *09:15:48
Install: fortunes-min (1.99.1-3.1ubuntu4), fortune-mod (1.99.1-3.1ubuntu4), librecode0 (3.6-17)End-Date: 2010-09-24 *09:15:51** * * * * * * * *
Of these, only realpath has a timestamp around the time of the link. *But it's about 3 minutes too late to be the culprit. *I recall I was just trying to make one of my standard scripts work (one that resolves my $pwd to a path without symbolic links.) *I don't recall any connection to completions.

--
Kevin O'Gorman, PhD



--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users