Date:      Sun, 29 Jul 2001 17:58:30 -0500
From:      Jon Loeliger <jdl@jdl.com>
To:        Peter Pentchev <roam@orbitel.bg>
Cc:        "Antoine Beaupre (LMC)" <Antoine.Beaupre@ericsson.ca>, security@freebsd.org
Subject:   Re: Some Followup on that ypchfn mess of mine 
Message-ID:  <200107292258.RAA21644@chrome.jdl.com>
In-Reply-To: Your message of "Fri, 27 Jul 2001 20:25:27 +0300." <20010727202527.E1105@ringworld.oblivion.bg>

So, like Peter Pentchev was saying to me just the other day:
> > 
> > OK, I'll state it publicly:
> > 
> >     This machine will be rebuilt from sources.
> >     The old disk will be completely reformatted.
> >     I'm putting a new firewall in place first.
> 
> Sorry to be a pain ;)  But sometimes, a rebuild from sources might
> not be enough:

I wasn't clear.  I will take a stock 4.3 release and install
that onto a _new_ disk.  I will then rebuild world with some
uprev'ed sources and install that.

I will format the old, compromised disk and newfs it straight up.

> you'll have to perform at least the install on
> the machine in question (unless you take off the hard disk, mount
> it on another machine, build from sources, and install with a DESTDIR
> pointing to this machine's filesystems).

> This still poses a risk,
> albeit unlikely, of somebody having compromised your compiler, make(1),
> install(1), perl, and whatever else is running on the machine before
> the installation starts using the newly-compiled binaries.

In any event, these all go too.  I've downloaded a 4.3 release
from ftp2.FreeBSD.org already and have started that install
and "make world" onto an entirely _new_ disk.

> This is why I - following the advice of others, including
> http://www.FreeBSD.org/security/ - recommended backing up the data,
> then reinstalling from a CD (or over the net; the point is, reinstalling
> from an install medium completely unrelated to the compromised machine).

Absolutely.  Yes.

jdl
