Date: Wed, 9 Oct 2002 13:27:18 +0000 From: Dragos Ruiu <dr@kyx.net> To: freebsd-security@FreeBSD.ORG Subject: Re: Sendmail trojan...? Message-ID: <200210091327.18139.dr@kyx.net> In-Reply-To: <20021009080341.A26616@zardoc.esmtp.org> References: <3DA3AE76.1070006@deevil.homeunix.org> <20021009142546.GA27227@darkstar.doublethink.cx> <20021009080341.A26616@zardoc.esmtp.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On October 9, 2002 03:03 pm, Claus Assmann wrote: > On Wed, Oct 09, 2002, Chris Faulhaber wrote: > > Yes, the source in the tree has been verified against the > > signed tarball; plus, it was the configure script that was > > backdoored which buildworld does not use. > > It was not the configure script. I'm wondering who came up with > this rumor; please stop spreading it. Where is the best collection of forensic information about this so the method can be understood and effects checked=20 for? The CERT advisory mentioned trojaned versions "contain malicious code that is run during the process of building the software." It was less than illuminating about the method after that. thanks, --dr --=20 dr@kyx.net pgp: http://dragos.com/kyxpgp Advance CanSecWest/03 registration available: http://cansecwest.com "The question of whether computers can think is like the question of whether submarines can swim." --Edsger Wybe Dijkstra 1930-2002 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200210091327.18139.dr>