Date: Tue, 24 Jul 2001 19:33:39 +0100
From: Ben Smithurst
To: Jon Loeliger, security@freebsd.org
Subject: Re: Security Check Diffs Question

Peter Pentchev wrote:
> 'Replacing' would not be enough - removing the file or moving something
> over it (the way install(1) does) would change its inode number.

I meant if they did something like cat my_trojan > /usr/bin/su or
whatever, which wouldn't change the inode number...  But...

> The ctime, too, can be changed, ...

Never mind then. :-(  Maybe /etc/security should be updated to do stuff
with mtree's md5/sha1 digest stuff...

--
Ben Smithurst / ben@FreeBSD.org
FreeBSD: The Power To Serve http://www.FreeBSD.org/
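
The point of this exchange, as an added example that is not part of the original message or of /etc/security: an in-place overwrite keeps the inode number, a replace-by-rename changes it, and only a content digest catches both. The file names and contents are constructed, SHA-256 stands in for the md5/sha1 digests mentioned above, and timestamps are left out because the thread notes they can be changed.

```python
import hashlib
import os
import tempfile


def snapshot(path):
    """Record what an inode check sees, plus a digest of the file contents."""
    st = os.stat(path)
    with open(path, "rb") as fh:
        digest = hashlib.sha256(fh.read()).hexdigest()
    return {"inode": st.st_ino, "size": st.st_size, "sha256": digest}


def compare(baseline, current):
    """Return the sorted names of the fields that differ between snapshots."""
    return sorted(k for k in baseline if baseline[k] != current[k])


def demo():
    """Run both replacement styles on constructed sample files."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        # Case 1: in-place overwrite, as `cat new > file` does (same inode).
        target = os.path.join(tmp, "tool")
        with open(target, "wb") as fh:
            fh.write(b"original contents\n")
        before = snapshot(target)
        with open(target, "wb") as fh:        # truncates the existing inode
            fh.write(b"modified contents\n")  # same length on purpose
        results["overwrite"] = compare(before, snapshot(target))

        # Case 2: a new file moved over the old name, the case the quoted
        # text describes for install(1) (new inode).
        target2 = os.path.join(tmp, "tool2")
        with open(target2, "wb") as fh:
            fh.write(b"original contents\n")
        before = snapshot(target2)
        staged = os.path.join(tmp, "tool2.new")
        with open(staged, "wb") as fh:
            fh.write(b"modified contents\n")
        os.replace(staged, target2)
        results["rename"] = compare(before, snapshot(target2))
    return results


if __name__ == "__main__":
    for case, changed in demo().items():
        print(case, "->", changed)
```

In the overwrite case only the digest differs, so a check keyed on inode number and size reports nothing.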