Date: Wed, 9 Oct 2002 13:27:18 +0000 From: Dragos Ruiu <dr@kyx.net> To: freebsd-security@FreeBSD.ORG Subject: Re: Sendmail trojan...? Message-ID: <200210091327.18139.dr@kyx.net> In-Reply-To: <20021009080341.A26616@zardoc.esmtp.org> References: <3DA3AE76.1070006@deevil.homeunix.org> <20021009142546.GA27227@darkstar.doublethink.cx> <20021009080341.A26616@zardoc.esmtp.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On October 9, 2002 03:03 pm, Claus Assmann wrote: > On Wed, Oct 09, 2002, Chris Faulhaber wrote: > > Yes, the source in the tree has been verified against the > > signed tarball; plus, it was the configure script that was > > backdoored which buildworld does not use. > > It was not the configure script. I'm wondering who came up with > this rumor; please stop spreading it. Where is the best collection of forensic information about this so the method can be understood and effects checked for? The CERT advisory mentioned trojaned versions "contain malicious code that is run during the process of building the software." It was less than illuminating about the method after that. thanks, --dr -- dr@kyx.net pgp: http://dragos.com/kyxpgp Advance CanSecWest/03 registration available: http://cansecwest.com "The question of whether computers can think is like the question of whether submarines can swim." --Edsger Wybe Dijkstra 1930-2002 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200210091327.18139.dr>