Date:      Wed, 10 Jan 2001 20:28:13 -0600
From:      "Donald J. Maddox" <dmaddox@sc.rr.com>
To:        Trevor Johnson <trevor@jpj.net>
Cc:        Jason DiCioccio <Jason.DiCioccio@Epylon.com>, security@freebsd.org, Berend de Boer <berend@pobox.com>
Subject:   Re: CERT advisory:  "Interbase Server Contains Compiled-in Back Door  Account"
Message-ID:  <3A5D1A3D.A7163F8D@sc.rr.com>
References:  <Pine.BSI.4.30.0101102004020.20643-100000@blues.jpj.net>

The advisory states quite clearly that the backdoor was not the work of
evildoers from outside, but rather came from developers within Borland.

Trevor Johnson wrote:
> 
> > Can any users of this package confirm if they actually knew about
> > this backdoor account?  I don't see how a backdoor account accidentally
> > makes its way into a database package like this.  If this was
> > undocumented/unknown, I would have to assume it might have been
> > intentional from someone working on the project perhaps?  I do not
> > use this database package, so I can't accuse anyone or any company of
> > this, but it's hard to imagine a 'backdoor account' making its way
> > in the source otherwise.  I guess we'll have to wait for a Borland
> > advisory.
> 
> Hi, Jason.  I'm not sure what you mean:  that we should assume
> everything's fine and do nothing unless Borland also says there's a
> problem, or that you will just be curious about the origin of the problem
> until they explain it.
> 
> FWIW the problem is also described at http://www.interbase2000.com/ (which
> apparently does not belong to Borland).
> 
> The backdoor is not documented in the pkg-descr file for the port.  If the
> port is not fixed or forbidden, and it has the backdoor, the fact should
> at least be documented there.
> --
> Trevor Johnson
> http://jpj.net/~trevor/gpgkey.txt
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

