Date:      Sat, 21 Jul 2001 18:03:01 -0500
From:      Mike Meyer <mwm@mired.org>
To:        "Chad R. Larson" <chad@DCFinc.com>
Cc:        Chris Faulhaber <jedgar@fxp.org>, Tom <tom@uniserve.com>, admin@kremilek.gyrec.cz, freebsd-stable@FreeBSD.ORG
Subject:   Re: probably remote exploit
Message-ID:  <15194.2597.335066.379263@guru.mired.org>
In-Reply-To: <20010721140425.B18907@freeway.dcfinc.com>
References:  <Pine.LNX.3.96.1010720174942.651C-100000@kremilek.gyrec.cz> <Pine.BSF.4.10.10107200923060.4917-100000@athena.uniserve.ca> <20010720111551.A12442@freeway.dcfinc.com> <20010720141820.C47930@peitho.fxp.org> <20010720140331.A12903@freeway.dcfinc.com> <15192.57986.777597.940024@guru.mired.org> <20010721140425.B18907@freeway.dcfinc.com>

Chad R. Larson <chad@DCFinc.com> types:
> > The bottom line is that you need to do the
> > cvsup/buildworld/installworld with binaries that you trust.  That
> > means either ones that were checksummed before the break-in, or ones
> > off a release cdrom.
> I still believe only the CVSup binary itself would have to be off a CD
> or match the checksum of a CD version (said checksum computed on some
> other machine, I suppose).

You may believe it, but the Thompson paper I referenced demonstrates
that it isn't so. He describes a compromised C compiler he built which
did two things that it shouldn't have:

	1) It added a back door to login, which allowed root access to
	   the machine.
	2) It added itself back to the C compiler if it wasn't already
	   there.

So with that compromise in place, you do a cvsup and get clean
sources. You recompile the compiler, and part two is triggered - your
new compiler is compromised as well. You now recompile login with the
"clean" compiler, and get a version with a back door in it.

Any build tool that is used in generating itself and some suid program
could be compromised in this way. Which pretty much means to be safe,
you need clean versions of all the build tools.

	<mike
--
Mike Meyer <mwm@mired.org>			http://www.mired.org/home/mwm/
Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information.
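
The checksum check discussed in this thread, as an added example that is not part of the original message: each build tool is compared against a SHA-256 baseline recorded before the break-in or taken from release media. The manifest format, function names and sample files are assumptions constructed for illustration, and the script and its interpreter must themselves come from trusted media for the result to mean anything.

```python
import hashlib
import os
import tempfile

def sha256_file(path):
    """Stream a file through SHA-256 so large binaries are not read in one piece."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def parse_manifest(text):
    """Parse '<sha256 hex>  <relative path>' lines (assumed format); skip blanks and '#'."""
    expected = {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        digest, _, rel = line.strip().partition("  ")
        if len(digest) != 64 or not rel:
            raise ValueError(f"malformed manifest line: {line!r}")
        expected[rel] = digest.lower()
    return expected

def verify_tools(manifest_text, root):
    """Return {path: 'ok' | 'MISMATCH' | 'MISSING'} for every tool in the baseline."""
    results = {}
    for rel, digest in parse_manifest(manifest_text).items():
        full = os.path.join(root, rel)
        if not os.path.isfile(full):
            results[rel] = "MISSING"
        else:
            results[rel] = "ok" if sha256_file(full) == digest else "MISMATCH"
    return results

def demo():
    """Constructed sample: stand-in 'tools', one altered after the baseline was taken."""
    with tempfile.TemporaryDirectory() as root:
        tools = {"cc": b"compiler", "ld": b"linker"}
        for name, body in tools.items():
            with open(os.path.join(root, name), "wb") as f:
                f.write(body)
        manifest = "".join(f"{hashlib.sha256(b).hexdigest()}  {n}\n" for n, b in tools.items())
        manifest += "0" * 64 + "  make\n"  # in the baseline but absent on disk
        with open(os.path.join(root, "cc"), "ab") as f:
            f.write(b" + extra code")  # stands in for a compiler changed after the baseline
        return verify_tools(manifest, root)

if __name__ == "__main__":
    print(demo())
```

Any tool reported as MISMATCH or MISSING should be replaced from the trusted source before it is used in a buildworld.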
