From owner-freebsd-security Sun Aug 19 19:38:28 2001
Delivered-To: freebsd-security@freebsd.org
Date: Sun, 19 Aug 2001 22:38:28 -0400 (EDT)
From: Chris BeHanna
Subject: Re: Rooted
In-Reply-To: <5.1.0.14.2.20010819201719.02396ff0@mail.alzaid.com>

On Sun, 19 Aug 2001, Rami AlZaid wrote:

> At 12:26 AM 8/19/2001, you wrote:
> >You may also be backdoored; if you weren't running something like tripwire
> >to catch changes in your system files, you may want to go ahead and
> >re-install FreeBSD entirely. May not be necessary, but it shouldn't hurt.
>
> Would deleting /usr/src, cvsuping all the source, making world and
> replacing all the files in /usr/local/etc and /etc remove the
> backdoors? or is it necessary to wipe the hard disk and install
> everything all over again?

Are you certain that gcc wasn't backdoored, or install, or
what-have-you? That's one reason among many that you need to wipe the
disk and start over, then install tripwire and chkrootkit the next time
around.

-- 
Chris BeHanna
Software Engineer (Remove "bogus" before responding.)
behanna@bogus.zbzoom.net
I was raised by a pack of wild corn dogs.