Date: Tue, 18 Feb 1997 05:17:47 -0600
From: Richard Wackerbarth <rkw@dataplex.net>
To: "Julian H. Stacey" <jhs@freebsd.org>
Cc: security@freebsd.org
Subject: Re: I guess we need to read all code, not just SUID stuff !
Message-ID: <l03010d05af2f3d45d9be@[208.2.87.3]>
In-Reply-To: <199702171819.TAA02087@vector.jhs.no_domain>

>I'm hoping to be told I'm wrong below,
>I'll be disappointed (& others more so) if I'm right :-) .....
>
>Ref. the freefall break in, & the planting of trojans, in bin path,
>& possible planting of trojans in src/
>& intention to read code for manipulation ...
>
>We presumably don't need to just read the SUID stuff,
>we need to read all 120M of src/ :-(

Although it is certainly a good idea to review all the source code, an
uncompromised archive of the ctm's does provide a shortcut because it is
a sequence of "diff"s.

If you assume that the source is free from trojans on Date X, you need only
look at the changes since then. You might be able to "read" the deltas
directly or you could at least use them as a filter to eliminate all the
programs which have had no changes at all.

Unfortunately, "Date X" might be (something, I'm not up on classical
history) BC :-(

The full audit needs to be done periodically as a safety precaution.