Date: Fri, 20 Jul 2001 11:28:09 -0700 (PDT) From: Tom <tom@uniserve.com> To: "Chad R. Larson" <chad@DCFinc.com> Cc: admin@kremilek.gyrec.cz, freebsd-stable@FreeBSD.ORG Subject: Re: probably remote exploit Message-ID: <Pine.BSF.4.10.10107201124410.70379-100000@athena.uniserve.ca> In-Reply-To: <20010720111551.A12442@freeway.dcfinc.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 20 Jul 2001, Chad R. Larson wrote: > On Fri, Jul 20, 2001 at 09:24:20AM -0700, Tom wrote: > > There are known problems wiht ntpd, which you seem to be using. There > > is also a local exploit in 4.3-RELEASE. You should be on the > > freebsd-security mailing list, and you should be checking the archives > > of that list first. > > Also, to be sure no one installed any backdoors, you might want to > do a CVSup/buildworld/installworld cycle. But if a backdoor is installed, you can't trust cvsup, or make either. Any binary could have been tampered with. For instance, I would make a backdoor make that would detect that an installworld is underway, and always make sure that a backdoored copy of of "login" and another copy of "make". Tom To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.10.10107201124410.70379-100000>