From owner-freebsd-security Mon Jul 28 19:02:02 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id TAA24030 for security-outgoing; Mon, 28 Jul 1997 19:02:02 -0700 (PDT) Received: from cyrus.watson.org (robert@cyrus.watson.org [207.86.4.20]) by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id TAA23972 for ; Mon, 28 Jul 1997 19:01:22 -0700 (PDT) Received: from localhost (robert@localhost) by cyrus.watson.org (8.8.5/8.8.5) with SMTP id WAA04931; Mon, 28 Jul 1997 22:01:01 -0400 (EDT) Date: Mon, 28 Jul 1997 22:01:00 -0400 (EDT) From: Robert Watson Reply-To: Robert Watson To: Vincent Poy cc: "Matthew N. Dodd" , security@FreeBSD.ORG, JbHunt , "[Mario1-]" Subject: Re: security hole in FreeBSD In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk On Mon, 28 Jul 1997, Vincent Poy wrote: > On Mon, 28 Jul 1997, Matthew N. Dodd wrote: > > =)On Mon, 28 Jul 1997, Vincent Poy wrote: > =)> That wouldn't do any good if the user can chflags noschg on the > =)> binaries you have schg on. > =) > =)'man init' > > True but if you needed to compile -current, you would need to > remove the schg flags on some binaries before the make world. Hence my suggestion that you boot from floppy. You now know you are running the correct kernel, and have the required set of utilities to get things going. To be entirely honest, if you system is that hacked to pieces, you really need to reinstall. The chances of missing something at this point are just to great. Robert N Watson Junior, Logic+Computation, Carnegie Mellon University http://www.cmu.edu/ Network Security Research, Trusted Information Systems http://www.tis.com/ Network Administrator, SafePort Network Services http://www.safeport.com/ robert@fledge.watson.org rwatson@tis.com http://www.watson.org/~robert/