From owner-freebsd-security Sat Dec 2 12:57:23 1995
Return-Path: owner-security
Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6) id MAA19389 for security-outgoing; Sat, 2 Dec 1995 12:57:23 -0800
Received: from fledge.watson.org (root@FLEDGE.RES.CMU.EDU [128.2.95.74]) by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id MAA19335 for ; Sat, 2 Dec 1995 12:57:16 -0800
Received: (from robert@localhost) by fledge.watson.org (8.6.12/8.6.10) id PAA18431; Sat, 2 Dec 1995 15:57:01 -0500
Date: Sat, 2 Dec 1995 15:57:01 -0500 (EST)
From: Robert Watson
To: Robert Du Gaue
cc: "Jordan K. Hubbard", Michael Smith, security@FreeBSD.ORG
Subject: Re: ****HELP*****
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-security@FreeBSD.ORG
Precedence: bulk

/usr/local/bin, some systems have /usr/contrib/bin, /usr/libexec,
/usr/local/libexec, /usr/local/sbin, also do your libs -- /usr/lib,
/usr/local/lib, if you have X, /usr/X11R6/bin, /usr/X11R6/lib, /stand if
you use it.. and /lkm.

In fact, it occurs to me that if you're really concerned, maybe it would
be best just to reinstall FreeBSD on that system? Or use the upgrade
package in 2.1.0 to overwrite the distribution itself (backing up heavily
first, though.) That way you know that things are configured/installed
without backdoors (assuming you trust Jordan, and I think most of us do
:). Kind of a pain for an often-used system with a lot of personal
configuration details, but.. Anyhow, that's what I'd do.

Also, if you haven't yet, file a report with CERT and scan their archives
for stuff that might be relevant. Also, you might check to see if the
most recent ftp related CERT advisory affects you -- I think there's
probably a group of people who read the advisories, and test their ISP at
once :). Unless you've changed your ftp config under FreeBSD to enable
it, it shouldn't work, though.

On Sat, 2 Dec 1995, Robert Du Gaue wrote:

> I plan on rebuilding a new system from scratch, then I'll wipe all the
> bin directories clean on the compromised systems and use the rebuilt
> system to update all the bins. Which should I do?
>
> /bin /sbin /usr/sbin /usr/bin Where else? I know there are a lot I'm
> missing...
>
>
> On Sat, 2 Dec 1995, Robert Watson wrote:
>
> > Date: Sat, 2 Dec 1995 13:14:42 -0500 (EST)
> > From: Robert Watson
> > To: "Jordan K. Hubbard"
> > Cc: Michael Smith,
> >     Robert Du Gaue, security@FreeBSD.ORG
> > Subject: Re: ****HELP*****
> >
> >
> > Actually, what might be nice is to include the MD5's with the system, and
> > have a script in daily.local that verifies that the key system binaries
> > are correct. Obviously then the md5 file would be at risk, but.. This
> > would also be nice, unrelated to the daily part, after an upgrade to
> > check if there are any old binaries lying around.
> >
> > Actually, one thing I was going to ask about was -- is there a difference
> > between the 2.1.0 binaries for standard executables (eg., pine) and the
> > 2.0.5 ones? Is there any way I can use strings (or something) to get a
> > list of all the old binaries on my system and upgrade them if needed?
> >
> > On Sat, 2 Dec 1995, Jordan K. Hubbard wrote:
> >
> > > > Jordan; how hard would it be to generate a file with the md5's of a stock
> > > > release system's "standard binaries" for this sort of thing?
> > >
> > > Probably not too hard. Let me think about it. You'd want a file
> > > for each distrib, probably.
> > >
> > > Jordan
> > >
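
The manifest check proposed in the quoted messages, as an added example that is not part of the original thread: it records a hash for every file under the listed directories on a known-good install, then reports changed, missing and unlisted files. Assumptions: SHA-256 replaces the MD5 named in the thread, the function names and the manifest format are made up here, and the manifest is kept on read-only or offline media, because a manifest stored on the compromised host can be rewritten along with the binaries.

```sh
#!/bin/sh
# Added example: manifest check for system binaries (constructed, not from the thread).
# SHA-256 is used here in place of the MD5 the thread mentions.

# Print the hex SHA-256 of one file with whichever tool is installed.
hash_file() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum < "$1" | cut -d' ' -f1
    elif command -v sha256 >/dev/null 2>&1; then
        sha256 -q "$1"                      # FreeBSD base system
    else
        openssl dgst -sha256 -r < "$1" | cut -d' ' -f1
    fi
}

# Emit "hash<TAB>path" for every regular file under the given directories.
# Run this on the freshly installed reference system.
make_manifest() {
    find "$@" -type f 2>/dev/null | sort | while IFS= read -r f; do
        printf '%s\t%s\n' "$(hash_file "$f")" "$f"
    done
}

# Compare directories against a trusted manifest.
# Prints CHANGED / MISSING / EXTRA lines and returns 1 if any were printed.
verify_manifest() {
    manifest=$1; shift
    tab=$(printf '\t')
    report=$(
        while IFS="$tab" read -r want path; do
            if [ ! -f "$path" ]; then
                echo "MISSING $path"
            elif [ "$(hash_file "$path")" != "$want" ]; then
                echo "CHANGED $path"
            fi
        done < "$manifest"
        # Files the manifest never listed: leftovers from an older
        # release, or something added after the reference install.
        find "$@" -type f 2>/dev/null | sort | while IFS= read -r f; do
            cut -f2- "$manifest" | grep -Fxq -- "$f" || echo "EXTRA $f"
        done
    )
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}
```

A daily job would call `verify_manifest` with the manifest path followed by the directories named in the thread (/bin, /sbin, /usr/bin, /usr/sbin and so on) and mail any output to the administrator.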