Date:      Sun, 13 Jun 2004 07:29:26 +1000
From:      Peter Jeremy <PeterJeremy@optushome.com.au>
To:        Thordur Ivar <thib@mi.is>
Cc:        freebsd-security@freebsd.org
Subject:   Re: Hacked or not appendice
Message-ID:  <20040612212926.GL1596@cirb503493.alcatel.com.au>
In-Reply-To: <20040612130307.2c4483cb.thib@mi.is>
References:  <019101c45072$a8b9cfe0$3501a8c0@pro.sk> <20040612130307.2c4483cb.thib@mi.is>

On Sat, 2004-Jun-12 13:03:07 +0000, Thordur Ivar wrote:
>I have on a CD a number of binaries ( sources actually ) ( e.g. ls,
>find, grep, awk, sed, locate etc. ) and when I believe that a
>machine has been cracked I remove the network cable from that machine
>and mount the cdrom, build the sources and start looking. If I need
>something in that process I put it on my USB memstick from a 'trusted
>machine' and move it by hand over.

[Please wrap your mail before 80 characters]

Why would you trust the toolchain on a potentially hacked machine?
There's an old paper by Ken Thompson that discusses patching the C
compiler to recognize the login sources and re-introduce a backdoor -
even if it was removed from the login sources.

You would be much better off booting a fixit CD-ROM and using that
rather than trusting anything on the potentially hacked system.

-- 
Peter Jeremy



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040612212926.GL1596>