From owner-freebsd-security  Tue May 29 15:34:39 2001
Delivered-To: freebsd-security@freebsd.org
Received: from home.ephemeron.org (cx838950-a.fed1.sdca.home.com [24.251.134.132])
	by hub.freebsd.org (Postfix) with ESMTP id 3D98D37B423
	for <freebsd-security@FreeBSD.ORG>; Tue, 29 May 2001 15:34:37 -0700 (PDT)
	(envelope-from bigby@ephemeron.org)
Received: from localhost (bigby@localhost)
	by home.ephemeron.org (8.9.3/8.9.3) with ESMTP id PAA95490
	for <freebsd-security@FreeBSD.ORG>; Tue, 29 May 2001 15:34:29 -0700 (PDT)
	(envelope-from bigby@ephemeron.org)
Date: Tue, 29 May 2001 15:34:29 -0700 (PDT)
From: Bigby Findrake <bigby@ephemeron.org>
To: freebsd-security@FreeBSD.ORG
Subject: Re: freebsd rootkit
In-Reply-To: <20010529134040.R98104-100000@awww.jeah.net>
Message-ID: <Pine.BSF.4.21.0105291533150.57736-100000@home.ephemeron.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Tue, 29 May 2001, Chris Byrnes wrote:

> That's not a wise request on a list like this.  Backup, format and
> reinstall.

Why not?  Surely you're not suggesting that a rootkit is a bad thing, or
that no one here would help him find one - wouldn't that be rather silly
of us?  If we knew where one was, wouldn't it make the most sense to make
sure that anyone could get there hands on it?  Isn't that (among other
ways) how open software advances?  I can't count the number of times I've
seen security people make the argument that everyone should own lockpicks.

If I misunderstood, you, Chris, what did you mean?

> 
> 
>         Chris Byrnes (chris@JEAH.net)
>     JEAH Communications, LLC (www.JEAH.net)
>        Call toll-free!  1-866-AWW-JEAH
> 
> 
> On Wed, 30 May 2001, Lim Seng Chor wrote:
> 
> > sorry, you all misunderstood me... : (
> >
> > i am the system admin of my site here, and i am suspecting my
> > user is compromising my system files. i would like to check on
> > what the files availble in rootkit, and see whether my users are
> > using that or not.
> > it is just for security audit purpose....
> >
> > stop xxxxxxx me please....
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-security" in the body of the message
> >
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
> 


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message