From owner-freebsd-security  Sat Dec  2 10:30:07 1995
Return-Path: owner-security
Received: (from root@localhost)
          by freefall.freebsd.org (8.6.12/8.6.6) id KAA23475
          for security-outgoing; Sat, 2 Dec 1995 10:30:07 -0800
Received: from uucp1.calweb.com (root@uucp1.calweb.com [165.90.138.20])
          by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id KAA23406
          for <security@FreeBSD.ORG>; Sat, 2 Dec 1995 10:29:59 -0800
Received: (from rdugaue@localhost) by uucp1.calweb.com (8.7.2/8.7.2) id KAA01601; Sat, 2 Dec 1995 10:30:32 GMT
Date: Sat, 2 Dec 1995 10:30:32 +0000 ()
From: Robert Du Gaue <rdugaue@calweb.com>
To: Robert Watson <robert@fledge.watson.org>
cc: "Jordan K. Hubbard" <jkh@time.cdrom.com>,
        Michael Smith <msmith@atrad.adelaide.edu.au>, security@FreeBSD.ORG
Subject: Re: ****HELP***** 
In-Reply-To: <Pine.BSF.3.91.951202131254.17800D-100000@fledge.watson.org>
Message-ID: <Pine.BSF.3.91.951202102847.1571B-100000@uucp1.calweb.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-security@FreeBSD.ORG
Precedence: bulk

I plan on rebuilding a new system from scratch, then I'll wipe all the 
bin directories clena on the compromised systems and use the rebuilt 
system to update all the bins. Which should I do?

/bin /sbin /usr/sbin /usr/bin   Where else? I know there are alot I'm 
missing...


On Sat, 2 Dec 1995, Robert Watson wrote:

> Date: Sat, 2 Dec 1995 13:14:42 -0500 (EST)
> From: Robert Watson <robert@fledge.watson.org>
> To: "Jordan K. Hubbard" <jkh@time.cdrom.com>
> Cc: Michael Smith <msmith@atrad.adelaide.edu.au>,
>     Robert Du Gaue <rdugaue@calweb.com>, security@FreeBSD.ORG
> Subject: Re: ****HELP***** 
> 
> 
> Actually, what might be nice is to include the MD5's with the system, and 
> have a script in daily.local that verifies that the key system binaries 
> are correct.  Obviously then the md5 file would be at risk, but..  This 
> would also be nice, unrelated to the daily part, after an upgrade to 
> check if there are any old binaries lying around.
> 
> Actually, one thing I was going to ask about was -- is there a difference 
> between the 2.1.0 binaries for standard executables (eg., pine) and the 
> 2.0.5 ones?  Is there anyway I can use strings (or something) to get a 
> list of all the old binaries on my system and upgrade them if needed?
> 
> On Sat, 2 Dec 1995, Jordan K. Hubbard wrote:
> 
> > > Jordan; how hard would it be to generate a file with the md5's of a stock
> > > release system's "standard binaries" for this sort of thing?
> > 
> > Probably not too hard.  Let me think about it.  You'd want a file
> > for each distrib, probably.
> > 
> > 					Jordan
>