Date: Tue, 9 Dec 2003 11:32:01 -0800 (PST)
From: Dorin H <bj93542@yahoo.com>
To: Garrett Wollman <wollman@khavrinen.lcs.mit.edu>
Cc: freebsd-security@freebsd.org
Subject: Re: possible compromise or just misreading logs
Message-ID: <20031209193201.1585.qmail@web12605.mail.yahoo.com>
In-Reply-To: <200312081646.hB8GkQIX035167@khavrinen.lcs.mit.edu>

--- Garrett Wollman <wollman@khavrinen.lcs.mit.edu> wrote:
> <<On Mon, 8 Dec 2003 08:04:28 -0800 (PST), Roger Marquis <marquis@roble.com> said:
>
> > Wouldn't affect tripwire. In addition to MD5 you'd need to spoof
> > snefru, crc32, crc16, md4, md2, sha, and haval, and you'd have to
> > spoof them for, at a minimum, the tripwire binary and its database
> > file(s).
>
> Trivial -- all you have to do is keep backup copies of all the files
> replaced, and have the kernel redirect tripwire's access to the
> originals.
>
> -GAWollman
>

Of course, once somebody modifies your kernel, you don't own the machine anymore. Boot a safe kernel :)

/Dorin.