Date: Wed, 12 Apr 1995 19:55:15 +0200 From: Julian Howard Stacey <jhs@regent.e-technik.tu-muenchen.de> To: security@FreeBSD.org Subject: satan as a trojan Message-ID: <199504121755.TAA01259@vector.eikon.e-technik.tu-muenchen.de>
next in thread | raw e-mail | index | archive | help
An extract on paper from a jpl.nasa.gov internal doc, makes the point one must be careful which site one gets Satan source from, as tampered code could contain hidden code. It'd be all too easy to reflexively : archie satan .... ftp ... run What better target for a trojan horse diseminator, than the machines of people concerned enough to run security checkers. It's a case where a `blessed` port stored locally on freefall could be reassuring, also ideally such port should only be updated after the maintainer actually understands the upgrade diffs from his master feed site :-) I guess if one ftp's some kind of checksum off the Satan master site & the code itself off a local high speed site it should be OK, but I suspect `cksum` can be easily fooled, so I hope & assume Satan master site will be offering something harder to forge. I'll wait for someone else to port Satan, I'm spending time on Hylafax (replaces flexfax). Julian Stacey
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199504121755.TAA01259>