From owner-freebsd-security@FreeBSD.ORG  Wed Aug 18 16:41:44 2004
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id EA70916A4CE
	for <freebsd-security@freebsd.org>;
	Wed, 18 Aug 2004 16:41:44 +0000 (GMT)
Received: from rwcrmhc13.comcast.net (rwcrmhc13.comcast.net [204.127.198.39])
	by mx1.FreeBSD.org (Postfix) with ESMTP id C8CC843D49
	for <freebsd-security@freebsd.org>;
	Wed, 18 Aug 2004 16:41:44 +0000 (GMT)
	(envelope-from piechota@argolis.org)
Received: from acropolis.argolis.org ([68.48.78.160])
          by comcast.net (rwcrmhc13) with ESMTP
          id <2004081816414401500se8bpe>; Wed, 18 Aug 2004 16:41:44 +0000
Received: from acropolis.argolis.org (localhost [127.0.0.1])
	i7IGfgux007137;	Wed, 18 Aug 2004 12:41:42 -0400 (EDT)
	(envelope-from piechota@argolis.org)
Received: from localhost (piechota@localhost)i7IGfgv4007134;
	Wed, 18 Aug 2004 12:41:42 -0400 (EDT)
	(envelope-from piechota@argolis.org)
X-Authentication-Warning: acropolis.argolis.org: piechota owned process doing
	-bs
Date: Wed, 18 Aug 2004 12:41:42 -0400 (EDT)
From: Matt Piechota <piechota@argolis.org>
To: "Thordur Ivar B." <thib@mi.is>
In-Reply-To: <20040818162355.08596948.thib@mi.is>
Message-ID: <20040818123706.T887@acropolis.argolis.org>
References: <20040818121102.95460.qmail@web52402.mail.yahoo.com>
 <20040818142511.390043af.thib@mi.is> <20040818144948.GA55534@pc5.i.0x5.de>
 <20040818162355.08596948.thib@mi.is>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
cc: freebsd-security@freebsd.org
Subject: Re: chfn, date, chsh INFECTED according to chkrootkit
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Security issues [members-only posting]
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 18 Aug 2004 16:41:45 -0000

On Wed, 18 Aug 2004, Thordur Ivar B. wrote:

> Yes ofcourse you will need to trust your own toolchain and compiler (I keep
> "trusted" binarys on CD to use in cases like this. (And for post-mortem
> inspection.)

I'm curious, where do the "trusted" binaries come from?  In theory, 
the FreeBSD build machine could have been hacked a long time ago and the 
hack keeps propagating.

-- 
Matt Piechota