[CentOS] gigantic memory leak in Clock Applet...

Mon Jan 7 16:10:53 UTC 2013
m.roth at 5-cent.us <m.roth at 5-cent.us>

Nicolas Thierry-Mieg wrote:
> m.roth at 5-cent.us wrote:
>> ken wrote:
>>>> On Sun, Jan 06, 2013 at 06:23:20PM -0500, ken wrote:
>>>>> On 01/06/2013 05:18 PM fred smith wrote:
>>>>>> On Sun, Jan 06, 2013 at 02:43:09PM -0500, ken wrote:
>>>>>>> On 01/06/2013 09:55 AM fred smith wrote:
>>>>>>>> On Sun, Jan 06, 2013 at 06:33:07AM -0500, ken wrote:
>>>>>>>>>
>>>>>>>>> Also running an up-to-date 5.8 but with just 2G of RAM,
>>>>>>>>> clock-applet consumes the following:
>>>>>>>>>
>>>>>>>>> PID USER PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
>>>>>>>>> 4133 me  15   0 29568 3748 2944 S  0.0  0.2 190:51.33
>>>>>>>>> clock-applet
>> <snip>
>>>>>> it's the same version and size as yours, but the md5sum differs.
>>>>>> have you perhaps disabled prelink? (I don't call that I have ever done
>>>>>> so) It's not obvious to me what other (legitimate) event would account
>>>>>> for the difference in checksum.
>> <snip>
>> I've not been in this thread, but the above cmt *deeply* disturbs me.
>> I'd >> start by yum remove the package with the applet and reinstall...
after
>> double checking what mirror it's getting the package from.
>>
>> Yes, an infected repo is what's running through my mind, or a hijacked
>> URL.
>
> highly unlikely IMO.
> Remember: packages are signed. A bad guy would also need to have the
> centos key...
>
> and I believe prelink does this sort of thing.

Would change the md5sum of the package?

       mark