From owner-freebsd-security Mon Aug 20 10:54:12 2001 Delivered-To: freebsd-security@freebsd.org Received: from mail.wlcg.com (mail.wlcg.com [198.92.199.5]) by hub.freebsd.org (Postfix) with ESMTP id 3569537B40D for ; Mon, 20 Aug 2001 10:54:08 -0700 (PDT) (envelope-from rsimmons@wlcg.com) Received: (from root@localhost) by mail.wlcg.com (8.11.5/8.11.5) id f7KHs7w96674; Mon, 20 Aug 2001 13:54:07 -0400 (EDT) (envelope-from rsimmons@wlcg.com) Received: from localhost (rsimmons@localhost) by mail.wlcg.com (8.11.5/8.11.5) with ESMTP id f7KHs1G96667; Mon, 20 Aug 2001 13:54:02 -0400 (EDT) (envelope-from rsimmons@wlcg.com) X-Authentication-Warning: mail.wlcg.com: rsimmons owned process doing -bs Date: Mon, 20 Aug 2001 13:53:58 -0400 (EDT) From: Rob Simmons To: David Kirchner Cc: Rami AlZaid , Subject: Re: Rooted In-Reply-To: <20010819170743.S38221-100000@localhost> Message-ID: <20010820135041.T91853-100000@mail.wlcg.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Virus-Scanned: by AMaViS perl-10 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 > If you want to be very careful, wiping the disk would be necessary. A > backdoor could be anywhere, including in programs not part of the base > system (such as bash from ports). It depends on how paranoid you are > however. If you're not too worried, re-installing from a fresh cvsup would > probably be good enough. You can check to see what programs are running as > servers by running: > > netstat -aAn | grep LISTEN > fstat | grep sockstat is a utility that combines the functionality of those two commands - good stuff. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE7gU65v8Bofna59hYRA9rFAKCNT8RWka5V/fq3kOkU+Q3Phqk9YACfX8HO MXc5KUsToLUm7be6eJAHAF0= =75G4 -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message