m.roth at 5-cent.us wrote: > ken wrote: >>> On Sun, Jan 06, 2013 at 06:23:20PM -0500, ken wrote: >>>> On 01/06/2013 05:18 PM fred smith wrote: >>>>> On Sun, Jan 06, 2013 at 02:43:09PM -0500, ken wrote: >>>>>> On 01/06/2013 09:55 AM fred smith wrote: >>>>>>> On Sun, Jan 06, 2013 at 06:33:07AM -0500, ken wrote: >>>>>>>> Fred, >>>>>>>> >>>>>>>> Also running an up-to-date 5.8 but with just 2G of RAM, >>>>>>>> clock-applet consumes the following: >>>>>>>> >>>>>>>> PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND >>>>>>>> 4133 me 15 0 29568 3748 2944 S 0.0 0.2 190:51.33 clock-applet > <snip> >>>>> it's the same version and size as yours, but the md5sum differs. have >>>>> you perhaps disabled prelink? (I don't call that I have ever done so) >>>>> It's not obvious to me what other (legitimate) event would account for >>>>> the difference in checksum. > <snip> > I've not been in this thread, but the above cmt *deeply* disturbs me. I'd > start by yum remove the package with the applet and reinstall... after > double checking what mirror it's getting the package from. > > Yes, an infected repo is what's running through my mind, or a hijacked URL. highly unlikely IMO. Remember: packages are signed. A bad guy would also need to have the centos key... and I believe prelink does this sort of thing.