From owner-freebsd-security  Thu May 11  9:11:53 2000
Delivered-To: freebsd-security@freebsd.org
Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.24.4.193])
	by hub.freebsd.org (Postfix) with ESMTP id 1C2D737B612
	for <freebsd-security@FreeBSD.ORG>; Thu, 11 May 2000 09:11:49 -0700 (PDT)
	(envelope-from wollman@khavrinen.lcs.mit.edu)
Received: (from wollman@localhost)
	by khavrinen.lcs.mit.edu (8.9.3/8.9.3) id MAA17380;
	Thu, 11 May 2000 12:11:40 -0400 (EDT)
	(envelope-from wollman)
Date: Thu, 11 May 2000 12:11:40 -0400 (EDT)
From: Garrett Wollman <wollman@khavrinen.lcs.mit.edu>
Message-Id: <200005111611.MAA17380@khavrinen.lcs.mit.edu>
To: Paul Hart <hart@iserver.com>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: envy.vuurwerk.nl daily run output
In-Reply-To: <Pine.BSF.4.21.0005110953510.8386-100000@anchovy.orem.iserver.com>
References: <391A8A3C.795C15F7@algroup.co.uk>
	<Pine.BSF.4.21.0005110953510.8386-100000@anchovy.orem.iserver.com>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

<<On Thu, 11 May 2000 10:03:38 -0600 (MDT), Paul Hart <hart@iserver.com> said:

> If I can root your box, what's to stop me from falsifying the
> reference data in /var used by /etc/security to detect system
> changes?

Stupidity and inexperience.  Also, not all break-ins result in root
compromise.

-GAWollman

--
Garrett A. Wollman   | O Siem / We are all family / O Siem / We're all the same
wollman@lcs.mit.edu  | O Siem / The fires of freedom 
Opinions not those of| Dance in the burning flame
MIT, LCS, CRS, or NSA|                     - Susan Aglukark and Chad Irschick


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message