From owner-freebsd-security Wed May 30 7:19:12 2001
From: "Dan Graaff"
Subject: RE: freebsd rootkit
Date: Wed, 30 May 2001 07:18:09 -0700
Sender: owner-freebsd-security@FreeBSD.ORG

rik,

Humor or not, the idea is to not be compromised to begin with.. I think if it were added to the ports tree it would NOT increase the chances of you being rooted, because if you WERE being attacked by someone whose intent is to root you.. you'd be rooted anyway! That's the whole problem with the gun laws.. those who want guns will get them legally or illegally... the ports collection is a convenience, not something hackers rely on, or even use...

-Dan Graaff / Digital
The DE-Network

-----Original Message-----
From: owner-freebsd-security@FreeBSD.ORG [mailto:owner-freebsd-security@FreeBSD.ORG] On Behalf Of rich@rdrose.org
Sent: Wednesday, May 30, 2001 7:10 AM
To: freebsd-security@FreeBSD.ORG
Subject: Re: freebsd rootkit

On Wed, 30 May 2001, Andrew Barros wrote:

> Someone should add it in ports.

Now, to me, that seems like a *really* bad idea.
Imagine the situation: Some not so nice person keeps an eye on the ports tree for software with vulnerabilities that are not yet fixed, or indeed uses FreeBSD and keeps an up to date ports tree. They will see the words "rootkit". Can you imagine that? The look on their face. They'll re-read it. They'll stop and think for a moment. They'll re-read it again. Then, this thought will fly through their mind: "If I ever break into a FreeBSD machine, I've got a free rootkit. I don't even need to bother covering my tracks cleverly anymore".

I would suggest *not* putting the rootkit in the ports tree, if only to save those who have only just installed FreeBSD and are just learning the Unix world.

rik

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message