From owner-freebsd-stable  Tue Jul 24 10:16:29 2001
Delivered-To: freebsd-stable@freebsd.org
Received: from smtp.wanadoo.nl (smtp2.wanadoo.nl [194.134.35.138])
	by hub.freebsd.org (Postfix) with ESMTP id A602037B6AC
	for <freebsd-stable@FreeBSD.ORG>; Tue, 24 Jul 2001 10:16:06 -0700 (PDT)
	(envelope-from steveo@eircom.net)
Received: from ams-gw.sohara.org (p049.vcu.wanadoo.nl [194.134.200.49])
	by smtp.wanadoo.nl (8.11.3/8.11.3) with SMTP id f6OHFwj29125;
	Tue, 24 Jul 2001 19:15:58 +0200 (MEST)
Date: Tue, 24 Jul 2001 19:15:56 +0200
From: "Steve O'Hara-Smith" <steveo@eircom.net>
To: The Psychotic Viper <psyv@root.org.za>
Cc: freebsd-stable@FreeBSD.ORG
Subject: Re: probably remote exploit
Message-Id: <20010724191556.25cb1c9e.steveo@eircom.net>
In-Reply-To: <Pine.BSF.4.21.0107220333420.21423-100000@lucifer.fuzion.za.org>
References: <15194.2597.335066.379263@guru.mired.org>
	<Pine.BSF.4.21.0107220333420.21423-100000@lucifer.fuzion.za.org>
X-Mailer: Sylpheed version 0.4.99cvs3 (GTK+ 1.2.10; i386-unknown-freebsdelf4.3)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-stable.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-stable>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-stable>
X-Loop: FreeBSD.ORG

On Sun, 22 Jul 2001 03:56:26 +0200 (SAST)
The Psychotic Viper <psyv@root.org.za> wrote:


TV> Sure it takes time to to backup user data, reinstall of multiple machines
TV> but it may save a lot of time when you have to keep rebuilding your
TV> machine because your visitor keeps getting back in. Also prevents them
TV> getting in remotely (hopefully) through a known vulnerablity if you
TV> install the latest release of whatever OS you have. 

	Of course if the invader managed to lodge a starter somewhere in the
user data then sooner or later you're open again :(

	Complete security is a myth, unless you built the hardware yourself
in a closed room, audited (or preferably wrote) all the code and all executable
and configuration data is physically read only *before* any connection can be
made. Even then some bright spark will probably find a hole!

	All you can do is raise the bar high enough to send the invader
somewhere else, or try and trap them and find them. Reinstall from clean
media and restore user data is about as good as you can reasonably do and
it puts the bar pretty high.

-- 
    Directable Mirrors - A Better Way To Focus The Sun

	 	        http://www.best.com/~sohara

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message