rkhunter message

I got this from the rkhunter cron job today ( never seen it before, or the
files listed):
Warning: Suspicious file types found in /dev:
         /dev/shm/mono-shared-1000-shared_fileshare-paulandcilla.homelinux.org-Linux-i686-36-12-0:
data
         /dev/shm/mono-shared-1000-shared_data-paulandcilla.homelinux.org-Linux-i686-312-12-0:
data
         /dev/shm/mono.17997: data


:/dev/shm# ls -l
total 8
-rw-r----- 1 pbc pbc    4096 2009-10-04 13:11 mono.17997
-rw-r----- 1 pbc pbc   79880 2009-10-04 13:11
mono-shared-1000-shared_data-paulandcilla.homelinux.org-Linux-i686-312-12-0
-rw-r----- 1 pbc pbc 3686404 2009-10-04 13:11
mono-shared-1000-shared_fileshare-paulandcilla.homelinux.org-Linux-i686-36-12-0


should I be worried?
running lenny, updated..
--
Paul Cartwright


--
To UNSUBSCRIBE, email to debian-security-REQUEST@...
with a subject of "unsubscribe". Trouble? Contact listmaster@...

On Mon, Oct 5, 2009 at 11:09 PM, Paul Cartwright <paul@...> wrote:
> :/dev/shm# ls -l
> total 8
> -rw-r----- 1 pbc pbc    4096 2009-10-04 13:11 mono.17997
> -rw-r----- 1 pbc pbc   79880 2009-10-04 13:11
> mono-shared-1000-shared_data-paulandcilla.homelinux.org-Linux-i686-312-12-0
> -rw-r----- 1 pbc pbc 3686404 2009-10-04 13:11
> mono-shared-1000-shared_fileshare-paulandcilla.homelinux.org-Linux-i686-36-12-0

It doesn't seem harmful to me.
Just remember that /dev/shm stands for SHared Memory, thus it's a
world writable directory.
There's no Set-UID/GID so nothing to worry about those files.

You can check the owner, pbc and what he's used for but don't stress,
rkhunter use to display warnings about lots non problematic things.

--
Marguerie Jérémie
Student in EPITA


--
To UNSUBSCRIBE, email to debian-security-REQUEST@...
with a subject of "unsubscribe". Trouble? Contact listmaster@...