From owner-freebsd-security Fri Jul 27 10:26:32 2001
Delivered-To: freebsd-security@freebsd.org
Received: from ringworld.nanolink.com (ringworld.nanolink.com [195.24.48.39]) by hub.freebsd.org (Postfix) with SMTP id 514DF37B401 for ; Fri, 27 Jul 2001 10:26:24 -0700 (PDT) (envelope-from roam@orbitel.bg)
Received: (qmail 11291 invoked by uid 1000); 27 Jul 2001 17:25:27 -0000
Date: Fri, 27 Jul 2001 20:25:27 +0300
From: Peter Pentchev
To: Jon Loeliger
Cc: "Antoine Beaupre (LMC)", security@freebsd.org
Subject: Re: Some Followup on that ypchfn mess of mine
Message-ID: <20010727202527.E1105@ringworld.oblivion.bg>
Mail-Followup-To: Jon Loeliger, "Antoine Beaupre (LMC)", security@freebsd.org
References: <3B616ED0.8050808@lmc.ericsson.se> <200107271716.MAA15378@chrome.jdl.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <200107271716.MAA15378@chrome.jdl.com>; from jdl@jdl.com on Fri, Jul 27, 2001 at 12:16:16PM -0500
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk

On Fri, Jul 27, 2001 at 12:16:16PM -0500, Jon Loeliger wrote:
> So, like "Antoine Beaupre (LMC)" was saying to me just the other day:
> > Hi.
> >
> > Sorry to be a pain, but you really should kill this machine. Just backup
> > your data, format the drive and reinstall from trusted source.
> >
> > You can't just keep playing around this box and expect to fix
> > everything. Unless you already had some IDS such as tripwire, it's
> > almost impossible.
> >
> > Reinstall. It's for your own good. :)
> >
> > A.
>
> OK, I'll state it publicly:
>
> This machine will be rebuilt from sources.
> The old disk will be completely reformatted.
> I'm putting a new firewall in place first.
Sorry to be a pain ;) But sometimes, a rebuild from sources might not be enough: you'll have to perform at least the install on the machine in question (unless you take off the hard disk, mount it on another machine, build from sources, and install with a DESTDIR pointing to this machine's filesystems). This still poses a risk, albeit unlikely, of somebody having compromised your compiler, make(1), install(1), perl, and whatever else is running on the machine before the installation starts using the newly-compiled binaries.

This is why I - following the advice of others, including http://www.FreeBSD.org/security/ - recommended backing up the data, then reinstalling from a CD (or over the net; the point is, reinstalling from an install medium completely unrelated to the compromised machine).

G'luck,
Peter

--
Do you think anybody has ever had *precisely this thought* before?