Date:      Sat, 21 Jul 2001 18:24:00 -0400
From:      "Brandon S. Allbery KF8NH" <allbery@ece.cmu.edu>
To:        "Chad R. Larson" <chad@DCFinc.com>, Mike Meyer <mwm@mired.org>
Cc:        Chris Faulhaber <jedgar@fxp.org>, Tom <tom@uniserve.com>, admin@kremilek.gyrec.cz, freebsd-stable@FreeBSD.ORG
Subject:   Re: probably remote exploit
Message-ID:  <37430000.995754239@vpn88.ece.cmu.edu>
In-Reply-To: <20010721140425.B18907@freeway.dcfinc.com>
References:  <Pine.LNX.3.96.1010720174942.651C-100000@kremilek.gyrec.cz> <Pine.BSF.4.10.10107200923060.4917-100000@athena.uniserve.ca> <20010720111551.A12442@freeway.dcfinc.com> <20010720141820.C47930@peitho.fxp.org> <20010720140331.A12903@freeway.dcfinc.com> <15192.57986.777597.940024@guru.mired.org> <20010721140425.B18907@freeway.dcfinc.com>

On Saturday, July 21, 2001 14:04:25 -0700, "Chad R. Larson" 
<chad@DCFinc.com> wrote:
+-----
| I still believe only the CVSup binary itself would have to be off a CD
+--->8

Depends on the paranoia level, I guess.  There could still be "evil" 
loadable kernel modules; the compiler could have been modified (see 
"Reflections on Trusting Trust"); there are *lots* of ways that someone 
could control the result of a buildworld, if they really wanted to.

Complete certainty requires a nuke and full reinstall; anything less leaves 
room for someone to booby-trap the rebuild.  That said, it'd be unusual if 
you even needed to do anything other than rebuild the world already 
present; skriptkiddiez don't usually do anything other than replace running 
binaries and config files.

-- 
brandon s. allbery  [os/2][linux][solaris][freebsd]   allbery@kf8nh.apk.net
system administrator   [JAPH][WAY too many hats]        allbery@ece.cmu.edu
electrical and computer engineering                                   KF8NH
carnegie mellon university     [linux: proof of the million monkeys theory]

