Re: possible compromise or just misreading logs
From: Dorin H (bj93542_at_yahoo.com)
Date: 12/09/03
- Previous message: Garrett Wollman: "Re: possible compromise or just misreading logs"
- In reply to: Garrett Wollman: "Re: possible compromise or just misreading logs"
- Next in thread: Jez Han***: "Re: possible compromise or just misreading logs"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 9 Dec 2003 11:32:01 -0800 (PST)
To: Garrett Wollman <wollman@khavrinen.lcs.mit.edu>
--- Garrett Wollman <wollman@khavrinen.lcs.mit.edu> wrote:
> <<On Mon, 8 Dec 2003 08:04:28 -0800 (PST), Roger Marquis <marquis@roble.com> said:
>
> > Wouldn't affect tripwire. In addition to MD5 you'd need to spoof
> > snefru, crc32, crc16, md4, md2, sha, and haval, and you'd have to
> > spoof them for, at a minimum, the tripwire binary and its database
> > file(s).
>
> Trivial -- all you have to do is keep backup copies of all the files
> replaced, and have the kernel redirect tripwire's access to the
> originals.
>
> -GAWollman
>
Of course, once somebody modifies your kernel, you
don't own the machine anymore. Boot a safe kernel :)
/Dorin.
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"