On Wed, Dec 16, 2009 at 05:59:13PM -0500, [email protected] wrote: > Whether I run 'strings' on the binary files or view with vim or gedit, here > is what is always seen inside the binaries: > > __gmon_start__ > _Jv_RegisterClasses
They're put there by gcc and are perfectly harmless. What makes you suspicious of them in any way? If you inspect these programs or libraries with objdump, you'll see stuff like 0000000000000000 w D *UND* 0000000000000000 __gmon_start__ 0000000000000000 w D *UND* 0000000000000000 _Jv_RegisterClasses that indicates that these are "weak" references, meaning that they don't necessarily even do anything. The symbols are basically stubs that can optionally be filled in at linktime but don't need to be. Digging into the gcc source code, it's apparent that __gmon_start__ can be used by some profiling libraries, while _Jv_RegisterClasses has something arcane to do with calling C++ code from Java, or something like that. (Remember that the gcc suite includes a Java compiler and related tools.) You can find all the source in the gcc source tree. You may not see these symbols on OpenBSD systems because they don't include Java or gprof support in the gcc builds. That's just a guess, though. I don't know that for sure. I'm all for some healthy paranoia, but really, when faced with the possibilities "oh my god, the whole world has been pwned" or "I must be misunderstanding something", go with the latter. noah
signature.asc
Description: Digital signature
