Date: Tue, 24 Jul 2001 19:23:27 +0100 From: Ben Smithurst <ben@FreeBSD.org> To: alex wetmore <alex@phred.org> Cc: Peter Pentchev <roam@orbitel.bg>, Jon Loeliger <jdl@jdl.com>, security@freebsd.org Subject: Re: Security Check Diffs Question Message-ID: <20010724192327.G20105@strontium.shef.vinosystems.com> In-Reply-To: <20010724110942.L32042-100000@phred.org> References: <20010724190607.F20105@strontium.shef.vinosystems.com> <20010724110942.L32042-100000@phred.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--IrhDeMKUP4DT/M7F Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable alex wetmore wrote: >> hmm, so if an intruder replaced a file without changing it's link count, >> size, or modification time, I wouldn't be alerted? Perhaps we should >> change the security script to print the files ctime instead of mtime, >> since the ctime can't be forged? >=20 > Or keep md5 signatures around... well, yes, but that requires more than a single character change to /etc/security. :-) --=20 Ben Smithurst / ben@FreeBSD.org FreeBSD: The Power To Serve http://www.FreeBSD.org/ --IrhDeMKUP4DT/M7F Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE7Xb0ebPzJ+yzvRCwRAjbxAKDKVH09rpYc85kvQtlXdBk0nYTKHwCcCcDA VYQdU61kajpaiZam4CmisL0= =Kzt9 -----END PGP SIGNATURE----- --IrhDeMKUP4DT/M7F-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010724192327.G20105>