From owner-freebsd-security Wed May 30 7:10:33 2001 Delivered-To: freebsd-security@freebsd.org Received: from pkl.net (spoon.pkl.net [212.111.57.14]) by hub.freebsd.org (Postfix) with ESMTP id 3C28537B423 for ; Wed, 30 May 2001 07:10:28 -0700 (PDT) (envelope-from rich@rdrose.org) Received: from localhost (rik@localhost) by pkl.net (8.9.3/8.9.3) with ESMTP id PAA06670 for ; Wed, 30 May 2001 15:10:23 +0100 Date: Wed, 30 May 2001 15:10:23 +0100 (BST) From: rich@rdrose.org X-Sender: rik@pkl.net To: freebsd-security@FreeBSD.ORG Subject: Re: freebsd rootkit In-Reply-To: <20010530093611.C27126@tjhsst.edu> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Wed, 30 May 2001, Andrew Barros wrote: > Someone should add it in ports. Now, to me, that seems like a *reallly* bad idea. Imagine the situation: Some not so nice person keeps an eye on the ports tree for software with vulnerabilites that are not yet fixed, or indeed uses FreeBSD and keeps an up to date ports tree. They will see the words "rootkit". Can you imagine that? The look on their face. They'll re-read it. They'll stop and think for a moment. They'll re-read it again. Then, this thought will fly through their mind: "If I ever break into a FreeBSD machine, I've got a free rootkit. I don't even need to bother covering my tracks cleverly anymore". I would suggest *not* putting the rootkit in the ports tree, if only to save those who have only just installed FreeBSD and are just learning the Unix world. rik To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message