From: Stefan Probst
To: freebsd-security@FreeBSD.ORG
Date: Thu, 15 Nov 2001 14:37:23 +0700
Subject: Spoofing file information?
Message-Id: <5.1.0.14.2.20011115143223.04264050@MailServer>

Dear All,

How easy/difficult would it be for an intruder to spoof file modification dates and sizes (i.e. the data which show up in an "ls -al")?

I have e.g. in my root directory:

/kernel (3258128 Nov 20 2000)
/kernel.GENERIC (3258128 Nov 20 2000)

Can I trust that those are identical files (i.e. the kernel is still intact), even if somebody intruded?

Tnx,
Stefan
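
An added illustration, not part of the original message: size and modification time are metadata that a file's owner or root can set to any value, so two files can show identical "ls -al" fields while their contents differ. The Python sketch below uses constructed stand-in files (not real kernels) and the hypothetical helpers `ls_view`, `sha256_of` and `compare` to contrast the metadata view with a content hash.

```python
import hashlib
import os
import tempfile


def ls_view(path):
    """Return the two fields the question relies on: (size, mtime in seconds)."""
    st = os.stat(path)
    return st.st_size, int(st.st_mtime)


def sha256_of(path, chunk=1 << 20):
    """Hash the file in chunks so large files are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def compare(path_a, path_b):
    """Report separately whether metadata and contents agree for two files."""
    return {
        "metadata_equal": ls_view(path_a) == ls_view(path_b),
        "content_equal": sha256_of(path_a) == sha256_of(path_b),
    }


def demo():
    """Build constructed stand-ins for /kernel and /kernel.GENERIC and compare them."""
    with tempfile.TemporaryDirectory() as d:
        generic = os.path.join(d, "kernel.GENERIC")
        kernel = os.path.join(d, "kernel")
        with open(generic, "wb") as f:
            f.write(b"\x7fELF" + b"A" * 4092)
        with open(kernel, "wb") as f:
            f.write(b"\x7fELF" + b"B" * 4092)  # same length, different bytes
        # The file's owner (or root) may set mtime to any value via utimes(2).
        stamp = 974678400  # constructed timestamp: 2000-11-20 00:00:00 UTC
        os.utime(generic, (stamp, stamp))
        os.utime(kernel, (stamp, stamp))
        return compare(generic, kernel)


if __name__ == "__main__":
    print(demo())
```

On a host that may already be compromised, the hashing tool and the reference digest both need to come from trusted media, since a local binary or a locally stored digest can be altered as well.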