From owner-freebsd-security Fri Apr 14 17:24:42 1995 Return-Path: security-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id RAA19264 for security-outgoing; Fri, 14 Apr 1995 17:24:42 -0700 Received: from mail.barrnet.net (mail.BARRNET.NET [131.119.246.7]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id RAA19153 for ; Fri, 14 Apr 1995 17:18:52 -0700 Received: from vector.eikon.e-technik.tu-muenchen.de (vector.eikon.e-technik.tu-muenchen.de [129.187.142.36]) by mail.barrnet.net (8.6.10/MAIL-RELAY-LEN) with ESMTP id RAA06591 for ; Fri, 14 Apr 1995 17:13:33 -0700 Received: (from jhs@localhost) by vector.eikon.e-technik.tu-muenchen.de (8.6.11/8.6.9) id TAA01259 for security@freebsd.org; Wed, 12 Apr 1995 19:55:15 +0200 Date: Wed, 12 Apr 1995 19:55:15 +0200 From: Julian Howard Stacey Message-Id: <199504121755.TAA01259@vector.eikon.e-technik.tu-muenchen.de> To: security@FreeBSD.org Subject: satan as a trojan Sender: security-owner@FreeBSD.org Precedence: bulk An extract on paper from a jpl.nasa.gov internal doc, makes the point one must be careful which site one gets Satan source from, as tampered code could contain hidden code. It'd be all too easy to reflexively : archie satan .... ftp ... run What better target for a trojan horse diseminator, than the machines of people concerned enough to run security checkers. It's a case where a `blessed` port stored locally on freefall could be reassuring, also ideally such port should only be updated after the maintainer actually understands the upgrade diffs from his master feed site :-) I guess if one ftp's some kind of checksum off the Satan master site & the code itself off a local high speed site it should be OK, but I suspect `cksum` can be easily fooled, so I hope & assume Satan master site will be offering something harder to forge. I'll wait for someone else to port Satan, I'm spending time on Hylafax (replaces flexfax). Julian Stacey