Date: Fri, 25 Jan 2002 18:22:04 -0500 (EST)
From: Robert Simmons
To: "f.johan.beisser"
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: theo

Thank you, if I knew you I would kiss you.

Robert Simmons
Systems Administrator
http://www.wlcg.com/
E3E2 C83A 95A2 DDDC BF7F 6889 74B6 5850 880E B566

On Fri, 25 Jan 2002, f.johan.beisser wrote:

> On Fri, 25 Jan 2002, Robert Simmons wrote:
>
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: RIPEMD160
> >
> > Let's say someone has a machine they don't have console access to, but they
> > know that the OS comes back every time they reboot the fucker.
> >
> > The kernel is on the old hard drive, with the swap garbage. The brand
> > spanking new OS is mirrored on a twed. How can I tell that the core
> > team's brand spanking newly de scriptkiddified kernel is the one that
> > boots? dmesg?
>
> generally, i can tell via an ls -al /kernel, and checking the timestamp.
> failing that, i can look at the output from uname:
>
> FreeBSD pogo.caustic.org 4.4-STABLE FreeBSD 4.4-STABLE #1: Wed Nov 14
> 11:14:38 PST 2001 root@pogo.caustic.org:/usr/src/sys/compile/POGO i386
>
> and looking at that alone, i can tell (i tend to rebuild the kernel once
> each major change/kernel level patch). so, in this case, the timestamp on
> the uname output (Wed Nov 14 11:14:38 PST 2001) tells me that this is the
> kernel i built ages ago.
>
> should i do more frequent rebuilds, the string "FreeBSD 4.4-STABLE #1"
> would tell me which build number of the kernel (since building POGO's
> first kernel) i have.
>
> if what you're referencing is the specific kernel loaded by the loader,
> unless you change it at boot time (unload kernel, load , boot),
> it will default to /kernel.
>
> > BTW, there isn't a floppy installed, nor a CD_ROM.
>
> that's fine, you can change the device that the kernel is loaded from if
> you really wish to.
>
> > Also, you win, you people get the prize for the most security alerts in
> > one year. :)
>
> thanks. i tend to be glad to see so many security alerts. makes me feel
> like someone is finding, and fixing, problems in the OS. "Security is not
> a product, it is a process" and all that jazz.
>
> btw, anyone know who said that? i'm inclined to think it's bruce schneier.
>
> -------/ f. johan beisser /--------------------------------------+
> http://caustic.org/~jan jan@caustic.org
> "John Ashcroft is really just the reanimated corpse
> of J. Edgar Hoover." -- Tim Triche