On Sun, Sep 3, 2017 at 9:17 AM, x9p wrote: > the differences between both files doesn't look that much (vimdiff on xxd > output below), just wondering what might have caused such differences > between the same kernel module, from the same package, same distribution.
A better tool to compare binaries is diffoscope, it can disassembles ELF binaries and compare the assembly. Please upload the two tun.ko files to the trydiffoscope website so that we can investigate the differences more closely: https://try.diffoscope.org/ > 00037a0: 2f62 7569 6c64 2f6c 696e 7578 2d31 774a /build/linux-1wJ | > 00037a0: 2f62 7569 6c64 2f6c 696e 7578 2d63 6835 /build/linux-ch5 > 00037b0: 4f58 392f 6c69 6e75 782d 332e 3136 2e34 OX9/linux-3.16.4 | > 00037b0: 3366 412f 6c69 6e75 782d 332e 3136 2e34 3fA/linux-3.16.4 > > 0003870: 696e 7578 2d31 774a 4f58 392f 6c69 6e75 inux-1wJOX9/linu | > 0003870: 696e 7578 2d63 6835 3366 412f 6c69 6e75 inux-ch53fA/linu > > 00038a0: 2f62 7569 6c64 2f6c 696e 7578 2d31 774a /build/linux-1wJ | > 00038a0: 2f62 7569 6c64 2f6c 696e 7578 2d63 6835 /build/linux-ch5 > 00038b0: 4f58 392f 6c69 6e75 782d 332e 3136 2e34 OX9/linux-3.16.4 | > 00038b0: 3366 412f 6c69 6e75 782d 332e 3136 2e34 3fA/linux-3.16.4 These look like they are two different builds of the Debian Linux kernel package. If you or your cloud provider did not rebuild the Debian Linux kernel package, then it is possible your cloud server has been compromised and tun.ko modified with the version from a different build of the package. Are there any other modified files on the system? You can use debsums to check. PS: I would suggest upgrading to Debian stretch at some point. -- bye, pabs https://wiki.debian.org/PaulWise
