From owner-freebsd-security Thu Apr 19 3:38:21 2001 Delivered-To: freebsd-security@freebsd.org Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31]) by hub.freebsd.org (Postfix) with ESMTP id DC09337B424 for ; Thu, 19 Apr 2001 03:37:56 -0700 (PDT) (envelope-from des@ofug.org) Received: (from des@localhost) by flood.ping.uio.no (8.9.3/8.9.3) id MAA32082; Thu, 19 Apr 2001 12:37:11 +0200 (CEST) (envelope-from des@ofug.org) X-URL: http://www.ofug.org/~des/ X-Disclaimer: The views expressed in this message do not necessarily coincide with those of any organisation or company with which I am or have been affiliated. To: Peter Pentchev Cc: "David G. Andersen" , Kris Kennaway , fukuda shinichi , freebsd-security@FreeBSD.ORG Subject: Re: unknown process References: <200104190324.VAA14081@faith.cs.utah.edu> <20010419123915.A446@ringworld.oblivion.bg> From: Dag-Erling Smorgrav Date: 19 Apr 2001 12:37:10 +0200 In-Reply-To: <20010419123915.A446@ringworld.oblivion.bg> Message-ID: Lines: 13 User-Agent: Gnus/5.0808 (Gnus v5.8.8) Emacs/20.4 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Peter Pentchev writes: > On Thu, Apr 19, 2001 at 11:31:26AM +0200, Dag-Erling Smorgrav wrote: > > It's not either/or. The only acceptable solution to this situation is > > a complete reinstall from a trusted source (e.g. original CD set). > ..and during the install, examine your backups A backup is not a trusted source. Never reinstall from backups after a compromise. Restoring user data from backup is acceptable as long as you are certain that none of that data is executable. DES -- Dag-Erling Smorgrav - des@ofug.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message