From owner-freebsd-stable  Sat Jul 21 15:26:26 2001
Delivered-To: freebsd-stable@freebsd.org
Received: from ece.cmu.edu (ECE.CMU.EDU [128.2.236.200])
	by hub.freebsd.org (Postfix) with ESMTP id 0796A37B408
	for <freebsd-stable@FreeBSD.ORG>; Sat, 21 Jul 2001 15:26:10 -0700 (PDT)
	(envelope-from allbery@ece.cmu.edu)
Received: from vpn88.ece.cmu.edu (ANNEX-4.ECE.CMU.EDU [128.2.136.4])
	(authenticated)
	by ece.cmu.edu (8.11.0/8.10.2) with ESMTP id f6LMO3g12429;
	Sat, 21 Jul 2001 18:24:03 -0400 (EDT)
Date: Sat, 21 Jul 2001 18:24:00 -0400
From: "Brandon S. Allbery KF8NH" <allbery@ece.cmu.edu>
To: "Chad R. Larson" <chad@DCFinc.com>, Mike Meyer <mwm@mired.org>
Cc: Chris Faulhaber <jedgar@fxp.org>, Tom <tom@uniserve.com>,
	admin@kremilek.gyrec.cz, freebsd-stable@FreeBSD.ORG
Subject: Re: probably remote exploit
Message-ID: <37430000.995754239@vpn88.ece.cmu.edu>
In-Reply-To: <20010721140425.B18907@freeway.dcfinc.com>
References: <Pine.LNX.3.96.1010720174942.651C-100000@kremilek.gyrec.cz>
 <Pine.BSF.4.10.10107200923060.4917-100000@athena.uniserve.ca>
 <20010720111551.A12442@freeway.dcfinc.com>
 <20010720141820.C47930@peitho.fxp.org>
 <20010720140331.A12903@freeway.dcfinc.com>
 <15192.57986.777597.940024@guru.mired.org>
 <20010721140425.B18907@freeway.dcfinc.com>
X-Mailer: Mulberry/2.1.0a6 (Linux/x86)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-stable.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-stable>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-stable>
X-Loop: FreeBSD.ORG

On Saturday, July 21, 2001 14:04:25 -0700, "Chad R. Larson" 
<chad@DCFinc.com> wrote:
+-----
| I still believe only the CVSup binary itself would have to be off a CD
+--->8

Depends on the paranoia level, I guess.  There could still be "evil" 
loadable kernel modules; the compiler could have been modified (see 
"Reflections on Trusting Trust"); there are *lots* of ways that someone 
could control the result of a buildworld, if they really wanted to.

Complete certainty requires a nuke and full reinstall; anything less leaves 
room for someone to booby-trap the rebuild.  That said, it'd be unusual if 
you even needed to do anything other than rebuild the world already 
present; skriptkiddiez don't usually do anything other than replace running 
binaries and config files.

-- 
brandon s. allbery  [os/2][linux][solaris][freebsd]   allbery@kf8nh.apk.net
system administrator   [JAPH][WAY too many hats]        allbery@ece.cmu.edu
electrical and computer engineering                                   KF8NH
carnegie mellon university     [linux: proof of the million monkeys theory]


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message