Date: Mon, 23 Jul 2001 10:01:40 -0400
From: Jason Andresen <jandrese@mitre.org>
To: Mike Hoskins <mike@adept.org>
Cc: Tom <tom@uniserve.com>, "Chad R. Larson" <chad@dcfinc.com>, admin@kremilek.gyrec.cz, freebsd-stable@freebsd.org
Subject: Re: probably remote exploit
Message-ID: <3B5C2E44.2B7D7DF8@mitre.org>
References: <Pine.BSF.4.21.0107201151110.17247-100000@snafu.adept.org>

Mike Hoskins wrote:
>
> On Fri, 20 Jul 2001, Tom wrote:
>
> > But if a backdoor is installed, you can't trust cvsup, or make either.
> > Any binary could have been tampered with.  For instance, I would make a
> > backdoor make that would detect that an installworld is underway, and
> > always make sure that a backdoored copy of "login" and another copy of
> > "make".
>
> What?  Everyone can't just do a quick check against the saved tripwire
> checksums on CD-R?  ;)  Seriously.  While checksumming an entire system can
> be impractical, keeping checksums for a barebones set of administrative
> tools can be a lifesaver.

You need to boot off of the CDROM first, otherwise you might have an
evil kernel module loaded that can send bogus data to your checksummer
when it reads from the disk.  It's not quite as easy as just mounting
the CD and running the checksums.

--
  \  |_ _|__ __|_ \ __|   Jason Andresen        jandrese@mitre.org
 |\/ | | | / _|           Network and Distributed Systems Engineer
_| _|___| _| _|_\___|     Office: 703-883-7755

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
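
Added example, not part of the original message or thread: a sketch of the check discussed above, comparing a barebones set of administrative tools against digests recorded earlier, intended to run from a system booted off trusted read-only media with the suspect disk mounted at a separate path. The tool list, function names, and the use of SHA-256 are assumptions; the sample trees are constructed.

```python
import hashlib
import os
import tempfile

# Hypothetical barebones tool list; paths are relative to the root being checked.
ADMIN_TOOLS = ["bin/sh", "usr/bin/login", "usr/bin/make", "sbin/init"]

def sha256_file(path, bufsize=1 << 16):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(bufsize), b""):
            h.update(chunk)
    return h.hexdigest()

def build_baseline(root, tools=ADMIN_TOOLS):
    """Record digests on a known-good system; keep the result on read-only media."""
    return {rel: sha256_file(os.path.join(root, rel)) for rel in tools}

def verify(baseline, suspect_root):
    """Check the suspect disk, mounted at suspect_root, against the baseline."""
    # Refuse to check the running root: a hostile kernel module could hand clean
    # bytes to this reader. Boot trusted media and mount the disk elsewhere.
    if os.path.realpath(suspect_root) == os.path.realpath(os.sep):
        raise ValueError("boot from trusted media and mount the suspect disk first")
    report = {}
    for rel, expected in sorted(baseline.items()):
        path = os.path.join(suspect_root, rel)
        # An absolute symlink would resolve into the rescue system, not the
        # suspect disk, so anything that is not a regular file is flagged.
        if os.path.islink(path) or not os.path.isfile(path):
            report[rel] = "MISSING_OR_NOT_REGULAR"
        else:
            report[rel] = "OK" if sha256_file(path) == expected else "MODIFIED"
    return report

def demo():
    """Constructed sample: a good tree, and a copy with login altered and make removed."""
    good, suspect = tempfile.mkdtemp(), tempfile.mkdtemp()
    for root in (good, suspect):
        for rel in ADMIN_TOOLS:
            os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
            with open(os.path.join(root, rel), "wb") as f:
                f.write(b"constructed contents of " + rel.encode())
    baseline = build_baseline(good)
    with open(os.path.join(suspect, "usr/bin/login"), "ab") as f:
        f.write(b" plus appended bytes")
    os.remove(os.path.join(suspect, "usr/bin/make"))
    return verify(baseline, suspect)

if __name__ == "__main__":
    print(demo())
```

The interpreter and libraries running this check have to come from the trusted boot media as well, for the same reason the baseline does.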
