On Wed, Dec 24, 2014 at 02:55:15PM +0100, Adam Wolk wrote:
> Hi all,
>
> I was doing a cursory look around my i386 laptop installation of OpenBSD
> snapshot from Dec 10 obtained from ftp://ftp.icm.edu.pl/ and noticed an
> unusual executable /bin/[
>
> It has the same timestamp as all other binaries installed with the Dec
> 10 snapshot.
> Does anyone know if this is normal and what this binary does or where it
> could came from?
It's not weird and has been in Unix for ages. It's is an alternative
name for test(1). man '[' and google will tell you it's use.
-Otto
>
> $ file /bin/\[
> /bin/[: ELF 32-bit LSB executable, Intel 80386, version 1, for OpenBSD,
> statically linked, stripped
> $
>
> $ sha256 /bin/\[
> SHA256 (/bin/[) =
> c7e1d47560e8d43f3430c2b7a83d92e9df2fc8d60102115b2544b72444d806d5
>
> $ ls -l /bin
> total 16544
> -r-xr-xr-x 2 root bin 95028 Dec 10 14:57 [
> -r-xr-xr-x 1 root bin 103220 Dec 10 14:57 cat
> -r-xr-xr-x 3 root bin 242484 Dec 10 14:57 chgrp
> -r-xr-xr-x 1 root bin 111412 Dec 10 14:57 chio
> -r-xr-xr-x 3 root bin 242484 Dec 10 14:57 chmod
> -r-xr-xr-x 5 root bin 144180 Dec 10 14:57 cksum
> -r-xr-xr-x 1 root bin 119604 Dec 10 14:57 cp
> -r-xr-xr-x 3 root bin 348980 Dec 10 14:57 cpio
> -r-xr-xr-x 1 root bin 373556 Dec 10 14:57 csh
> -r-xr-xr-x 1 root bin 131892 Dec 10 14:57 date
> -r-xr-xr-x 1 root bin 103220 Dec 10 14:57 dd
> -r-xr-xr-x 1 root bin 107316 Dec 10 14:57 df
> -r-xr-xr-x 1 root bin 90932 Dec 10 14:57 domainname
> -r-xr-xr-x 1 root bin 86836 Dec 10 14:57 echo
> -r-xr-xr-x 1 root bin 168756 Dec 10 14:57 ed
> -r-xr-xr-x 2 root bin 271156 Dec 10 14:57 eject
> -r-xr-xr-x 1 root bin 131892 Dec 10 14:57 expr
> -r-xr-xr-x 1 root bin 90932 Dec 10 14:57 hostname
> -r-xr-xr-x 1 root bin 95028 Dec 10 14:57 kill
> -r-xr-xr-x 3 root bin 418612 Dec 10 14:57 ksh
> -r-xr-xr-x 1 root bin 95028 Dec 10 14:57 ln
> -r-xr-xr-x 1 root bin 238388 Dec 10 14:57 ls
> -r-xr-xr-x 5 root bin 144180 Dec 10 14:57 md5
> -r-xr-xr-x 1 root bin 103220 Dec 10 14:57 mkdir
> -r-xr-xr-x 2 root bin 271156 Dec 10 14:57 mt
> -r-xr-xr-x 1 root bin 226100 Dec 10 14:57 mv
> -r-xr-xr-x 3 root bin 348980 Dec 10 14:57 pax
> -r-xr-xr-x 1 root bin 262964 Dec 10 14:57 ps
> -r-xr-xr-x 1 root bin 90932 Dec 10 14:57 pwd
> -r-xr-xr-x 3 root bin 418612 Dec 10 14:57 rksh
> -r-xr-xr-x 1 root bin 238388 Dec 10 14:57 rm
> -r-xr-xr-x 1 root bin 99124 Dec 10 14:57 rmdir
> -r-xr-xr-x 3 root bin 418612 Dec 10 14:57 sh
> -r-xr-xr-x 5 root bin 144180 Dec 10 14:57 sha1
> -r-xr-xr-x 5 root bin 144180 Dec 10 14:57 sha256
> -r-xr-xr-x 5 root bin 144180 Dec 10 14:57 sha512
> -r-xr-xr-x 1 root bin 99124 Dec 10 14:57 sleep
> -r-xr-xr-x 1 root bin 140084 Dec 10 14:57 stty
> -r-xr-xr-x 1 root bin 86836 Dec 10 14:57 sync
> -r-xr-xr-x 1 root bin 410420 Dec 10 14:58 systrace
> -r-xr-xr-x 3 root bin 348980 Dec 10 14:57 tar
> -r-xr-xr-x 2 root bin 95028 Dec 10 14:57 test
>
>
> $ strings /bin/\[
> QRP1
> [^_]
> [^]
> [^_]
> |Z;U
> |[^_]
> <[^_]
> <[^_]
> [^_]
> tB<%u
> x ;u
> [^_]
> ,[^_]
> ,[^_]
> ,[^_]
> [^_]
> ,[^_]
> [^_]
> uT@B
> uH@B
> u<@B
> u0@B
> u$@B
> [^_]
> <[^_]
> [^_]
> [^_]
> [^_]
> t\<0
> gfff
> [^_]
> [^_]
> [^_]
> [^_]
> \[^_]
> [^_]
> l[^_]
> $^_]
> [^_]
> <[^_]
> P^_]
> P^_]
> 0^_]
> `^_]
> L[^_]
> ,[^_]
> [^_]
> [^_]
> [^_]
> [^_]
> [^_]
> [^_]
> ,[^_]
> ,[^_]
> ,[^_]
> <[^_]
> t2)u
> <[^_]
> v69u
> [^_]
> 9G(u
> ,[^_]
> ,[^_]
> ,[^_]
> 0[^]
> [^_]
> ,[^_]
> [^_]
> [^_]
> L[^_]
> <<<w
> |[^_]
> L[^_]
> L[^_]
> L[^_]
> L[^_]
> [^_]
> ,[^_]
> f DV
> ,[^_]
> ,[^_]
> [^_]
> [^_]
> f1|H
> f DQ
> [^_]
> [^_]
> [^_]
> <[^_]
> [^_]
> P[^_]
> [^_]
> \[^_]
> ,[^_]
> <[^_]
> <[^_]
> %s: %s
> %s: out of range
> %s: bad number
> argument expected
> closing paren expected
> missing ]
> unknown operand
> getn
> binop
> nexpr
> _errx
> %s:
> fprintf
> __stack_smash_handler
> stack overflow in function %s
> syslog_r
> __vsyslog_r
> <%d>
> [%ld]
> Error %d
> /dev/console
> syslog%s: unknown facility/priority: %x
> libc
> Unknown signal:
> Unknown error:
> load_msgcat
> _catopen
> NLSPATH
> LC_ALL
> LC_MESSAGES
> LANG
> POSIX
> /usr/share/nls/%L/%N.cat:/usr/share/nls/%l.%c/%N.cat:/usr/share/nls/%l/%N.cat
> Undefined error: 0
> Operation not permitted
> No such file or directory
> No such process
> Interrupted system call
> Input/output error
> Device not configured
> Argument list too long
> Exec format error
> Bad file descriptor
> No child processes
> Resource deadlock avoided
> Cannot allocate memory
> Permission denied
> Bad address
> Block device required
> Device busy
> File exists
> Cross-device link
> Not a directory
> Is a directory
> Invalid argument
> Too many open files in system
> Too many open files
> Text file busy
> File too large
> No space left on device
> Illegal seek
> Read-only file system
> Too many links
> Broken pipe
> Result too large
> Operation now in progress
> Operation already in progress
> Destination address required
> Message too long
> Protocol not available
> Protocol not supported
> Socket type not supported
> Operation not supported
> Protocol family not supported
> Address already in use
> Network is down
> Network is unreachable
> Connection reset by peer
> No buffer space available
> Socket is already connected
> Socket is not connected
> Operation timed out
> Connection refused
> File name too long
> Host is down
> No route to host
> Directory not empty
> Too many processes
> Too many users
> Disk quota exceeded
> Stale NFS file handle
> RPC struct is bad
> RPC version wrong
> RPC prog. not avail
> Program version wrong
> Bad procedure for program
> No locks available
> Function not implemented
> Authentication error
> Need authenticator
> IPsec processing failure
> Attribute not found
> Illegal byte sequence
> No medium found
> Wrong medium type
> Operation canceled
> Identifier removed
> No message of desired type
> Not supported
> Operation not supported by device
> Inappropriate ioctl for device
> Numerical argument out of domain
> Resource temporarily unavailable
> Socket operation on non-socket
> Protocol wrong type for socket
> Address family not supported by protocol family
> Can't assign requested address
> Network dropped connection on reset
> Software caused connection abort
> Can't send after socket shutdown
> Too many references: can't splice
> Too many levels of symbolic links
> Too many levels of remote in path
> Inappropriate file type or format
> Value too large to be stored in data type
> Signal 0
> Hangup
> Interrupt
> Quit
> Illegal instruction
> Trace/BPT trap
> Abort trap
> EMT trap
> Floating point exception
> Killed
> Bus error
> Segmentation fault
> Bad system call
> Alarm clock
> Terminated
> Urgent I/O condition
> Suspended (signal)
> Suspended
> Continued
> Child exited
> Stopped (tty input)
> Stopped (tty output)
> I/O possible
> Cputime limit exceeded
> Filesize limit exceeded
> Virtual timer expired
> Profiling timer expired
> Window size changes
> Information request
> User defined signal 1
> User defined signal 2
> Thread AST
> vsnprintf
> (((((
> AAAAAA
> BBBBBB
> getenv
> snprintf
> __find_arguments
> __vfprintf
> 0123456789ABCDEF0123456789abcdefnan
> (null)
> bug in vfprintf: bad base
> __dtoa
> Infinity
> ?aCoc
> `__ldtoa
> __gdtoa
> <2ZGU
> ?__trailz_D2A
> __b2d_D2A
> __d2b_D2A
> O8M2
> [%Co
> vH7B
> W4vC
> __umoddi3
> __qdivrem
> alnum
> alpha
> blank
> cntrl
> graph
> lower
> print
> punct
> space
> upper
> xdigit
> NONE
> UTF8
> _citrus_utf8_ctype_wcsnrtombs
> abort
> __swhatbuf
> __smakebuf
> getpagesize
> isatty
> _signal
> ^[Yy]
> ^[Nn]
> Sunday
> Monday
> Tuesday
> Wednesday
> Thursday
> Friday
> Saturday
> January
> February
> March
> April
> June
> July
> August
> September
> October
> November
> December
> %a %b %e %H:%M:%S %Y
> %m/%d/%y
> %H:%M:%S
> %I:%M:%S %p
> wrterror
> malloc_init
> malloc() warning: unknown char in MALLOC_OPTIONS
> (%d) in
> recursive call
> chunk info corrupted
> modified chunk-pointer
> chunk is already free
> regions_total not 2^x
> internal struct corrupt
> munmap
> /etc/malloc.conf
> MALLOC_OPTIONS
> malloc init mmap failed
> out of memory
> malloc cache
> munmap round
> malloc cache underflow
> malloc free slot lost
> malloc cache overflow
> bogus pointer (double free?)
> bogus pointer
> guard size
> mprotect
> double free
> free():
> pp & bits
> posix_memalign():
> mapalign bad alignment
> mapalign round
> calloc():
> realloc():
> malloc():
> free() called before allocation
> memcpy
> backwards memcpy
> chacha_encrypt_bytes
> _rs_stir
> arc4random
> expand 32-byte kexpand 16-byte k
> <0000000000000000 z
> RuneCT10NONE
> OpenBSD
>
>
> Regards,
> --
> Adam Wolk
> adam.w...@koparo.com
