Date: Fri, 27 Jul 2001 20:25:27 +0300
From: Peter Pentchev <roam@orbitel.bg>
To: Jon Loeliger <jdl@jdl.com>
Cc: "Antoine Beaupre (LMC)" <Antoine.Beaupre@ericsson.ca>, security@freebsd.org
Subject: Re: Some Followup on that ypchfn mess of mine
Message-ID: <20010727202527.E1105@ringworld.oblivion.bg>
In-Reply-To: <200107271716.MAA15378@chrome.jdl.com>; from jdl@jdl.com on Fri, Jul 27, 2001 at 12:16:16PM -0500
References: <3B616ED0.8050808@lmc.ericsson.se> <200107271716.MAA15378@chrome.jdl.com>

On Fri, Jul 27, 2001 at 12:16:16PM -0500, Jon Loeliger wrote:
> So, like "Antoine Beaupre (LMC)" was saying to me just the other day:
> > Hi.
> >
> > Sorry to be a pain, but you really should kill this machine. Just backup
> > your data, format the drive and reinstall from trusted source.
> >
> > You can't just keep playing around this box and expect to fix
> > everything. Unless you already had some IDS such as tripwire, it's
> > almost impossible.
> >
> > Reinstall. It's for your own good. :)
> >
> > A.
>
> OK, I'll state it publicly:
>
> This machine will be rebuilt from sources.
> The old disk will be completely reformatted.
> I'm putting a new firewall in place first.

Sorry to be a pain ;) But sometimes, a rebuild from sources might
not be enough: you'll have to perform at least the install on the machine
in question (unless you take off the hard disk, mount it on another
machine, build from sources, and install with a DESTDIR pointing to
this machine's filesystems). This still poses a risk, albeit unlikely,
of somebody having compromised your compiler, make(1), install(1), perl,
and whatever else is running on the machine before the installation
starts using the newly-compiled binaries.

This is why I - following the advice of others, including
http://www.FreeBSD.org/security/ - recommended backing up the data,
then reinstalling from a CD (or over the net; the point is, reinstalling
from an install medium completely unrelated to the compromised machine).

G'luck,
Peter

--
Do you think anybody has ever had *precisely this thought* before?