From owner-freebsd-security  Fri Jun 20 12:09:31 1997
Return-Path: <owner-security>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id MAA19008
          for security-outgoing; Fri, 20 Jun 1997 12:09:31 -0700 (PDT)
Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.24.4.193])
          by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id MAA19000
          for <freebsd-security@FreeBSD.ORG>; Fri, 20 Jun 1997 12:09:23 -0700 (PDT)
Received: (from wollman@localhost)
	by khavrinen.lcs.mit.edu (8.8.5/8.8.5) id PAA02705;
	Fri, 20 Jun 1997 15:09:16 -0400 (EDT)
Date: Fri, 20 Jun 1997 15:09:16 -0400 (EDT)
From: Garrett Wollman <wollman@khavrinen.lcs.mit.edu>
Message-Id: <199706201909.PAA02705@khavrinen.lcs.mit.edu>
To: Sean Kelly <kelly@fsl.noaa.gov>
Cc: freebsd-security@FreeBSD.ORG
Subject: Attempt to compromise root
In-Reply-To: <33AAB0CA.2781E494@fsl.noaa.gov>
References: <33AAB0CA.2781E494@fsl.noaa.gov>
Sender: owner-security@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

<<On Fri, 20 Jun 1997 10:33:14 -0600, Sean Kelly <kelly@fsl.noaa.gov> said:

> (2) Can we get an option during the FreeBSD install to generate the
> md5/mtree digest?  Naturally, I read up on this feature after the
> attack, but after an attack it's too late.

There already is such a thing.  Every recent release includes mtree
files with md5 digests of everything included in the distribution.
See the FTP site or CD-ROM.

-GAWollman

--
Garrett A. Wollman   | O Siem / We are all family / O Siem / We're all the same
wollman@lcs.mit.edu  | O Siem / The fires of freedom 
Opinions not those of| Dance in the burning flame
MIT, LCS, CRS, or NSA|                     - Susan Aglukark and Chad Irschick