Date: Sun, 19 Aug 2001 22:38:28 -0400 (EDT) From: Chris BeHanna <behanna@zbzoom.net> To: <freebsd-security@freebsd.org> Subject: Re: Rooted Message-ID: <Pine.BSF.4.32.0108192236470.6275-100000@topperwein.dyndns.org> In-Reply-To: <5.1.0.14.2.20010819201719.02396ff0@mail.alzaid.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, 19 Aug 2001, Rami AlZaid wrote:
> At 12:26 AM 8/19/2001, you wrote:
> >You may also be backdoored; if you weren't running something like tripwire
> >to catch changes in your system files, you may want to go ahead and
> >re-install FreeBSD entirely. May not be necessary, but it shouldn't hurt.
>
> Would deleting /usr/src, cvsuping all the source, making world and
> replacing all the files in /usr/local/etc and /etc remove the
> backdoors? or is it necessary to wipe the hard disk and install
> everything all over again?
Are you certain that gcc wasn't backdoored, or install, or
what-have-you?
That's one reason among many that you need to wipe the disk and
start over, then install tripwire and chkrootkit the next time around.
--
Chris BeHanna
Software Engineer (Remove "bogus" before responding.)
behanna@bogus.zbzoom.net
I was raised by a pack of wild corn dogs.
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.32.0108192236470.6275-100000>