From owner-freebsd-security Thu Dec 7 7:41:40 2000
From owner-freebsd-security@FreeBSD.ORG Thu Dec 7 07:41:38 2000
Return-Path:
Delivered-To: freebsd-security@freebsd.org
Received: from jamus.xpert.com (jamus.xpert.com [199.203.132.17])
    by hub.freebsd.org (Postfix) with ESMTP id 59ACB37B400
    for ; Thu, 7 Dec 2000 07:41:34 -0800 (PST)
Received: from roman (helo=localhost)
    by jamus.xpert.com with local-esmtp (Exim 3.12 #5)
    id 1443AU-0003nM-00; Thu, 07 Dec 2000 17:41:10 +0200
Date: Thu, 7 Dec 2000 17:41:10 +0200 (IST)
From: Roman Shterenzon
To: Marc Rassbach
Cc:
Subject: Re: Move along, nothing to see here. Re: Important!! Vulnerabili ty in standard ftpd
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Sat, 2 Dec 2000, Marc Rassbach wrote:

> After the linux boxen were used to portscan other boxes, did I get to
> scrub the BSD box :-) The Linux boxes....they were all re-installed from
> scratch. They couldn't find ALL the trojans with the linux box. From
> the BSD side.... make world and the script kiddies were gone.

The book "Practical UNIX And Internet Security" from O'Reilly describes a
real case when the backdoor was implemented in the binary of the compiler;
then, the compiler produced with the backdoored compiler produced a
backdoored /bin/login (or whatever it was) and the backdoor wasn't in the
source of any of the above (anymore).
And, of course, the /bin/login created with the backdoored compiler contained
the backdoor.
Clever trick, huh?

--Roman Shterenzon, UNIX System Administrator and Consultant
[ Xpert UNIX Systems Ltd., Herzlia, Israel. Tel: +972-9-9522361 ]