Re: Hacked or not appendice
From: Peter Jeremy (PeterJeremy_at_optushome.com.au)
Date: 06/12/04
- Previous message: Lupe Christoph: "Re: Hacked or not appendice"
- In reply to: Thordur Ivar: "Re: Hacked or not appendice"
- Next in thread: Remko Lodder: "Re: [Freebsd-security] Re: Hacked or not appendice"
- Reply: Remko Lodder: "Re: [Freebsd-security] Re: Hacked or not appendice"
Date: Sun, 13 Jun 2004 07:29:26 +1000
To: Thordur Ivar <thib@mi.is>
On Sat, 2004-Jun-12 13:03:07 +0000, Thordur Ivar wrote:
>I have on a CD a number of binaries ( sources actually ) ( e.g. ls,
>find, grep, awk, sed, locate etc. ) and when I believe that a
>machine has been cracked I remove the network cable from that machine
>and mount the cdrom, build the sources and start looking. If I need
>something in that process I put it on my USB memstick from a 'trusted
>machine' and move it by hand over.
[Please wrap your mail before 80 characters]
Why would you trust the toolchain on a potentially hacked machine?
There's an old paper by Ken Thompson that discusses patching the C
compiler to recognize the login sources and re-introduce a backdoor -
even if it was removed from the login sources.
You would be much better off booting a fixit CD-ROM and using that
rather than trusting anything on the potentially hacked system.
-- Peter Jeremy
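Added example (not part of the original message): a check run entirely from the rescue environment, comparing files on the suspect disk against a manifest made on a trusted machine, so that no binary or compiler from the suspect system is ever executed. The mount point, the manifest format and the function names are assumptions made for this illustration.

```shell
#!/bin/sh
# Run from the fixit/rescue environment, never from the suspect system.
# Assumptions (hypothetical, not from the thread):
#   $1 = suspect root filesystem, mounted read-only (e.g. /mnt)
#   $2 = manifest of "<sha256>  <relative path>" lines, created on a
#        trusted machine and kept on read-only media

# Hash one file with whichever SHA-256 tool the rescue environment ships:
# sha256(1) on FreeBSD, sha256sum(1) on GNU systems.
hash_file() {
    if command -v sha256 >/dev/null 2>&1; then
        sha256 -q "$1"
    else
        sha256sum "$1" | cut -d' ' -f1
    fi
}

# Print one line per manifest entry that is missing, is not a regular file
# (a binary swapped for a symlink counts), or whose digest differs.
# Returns 0 when every entry matches, 1 otherwise.
verify_root() {
    root=$1 manifest=$2 status=0
    while read -r want path; do
        [ -n "$path" ] || continue
        target="$root/$path"
        if [ -L "$target" ] || [ ! -f "$target" ]; then
            echo "MISSING-OR-NOT-REGULAR $path"; status=1; continue
        fi
        got=$(hash_file "$target")
        if [ "$got" != "$want" ]; then
            echo "MISMATCH $path"; status=1
        fi
    done < "$manifest"
    return $status
}

# Stand-alone use: sh verify.sh /mnt /cdrom/manifest.sha256
if [ "$#" -eq 2 ]; then
    verify_root "$1" "$2"
fi
```

A clean result only covers the files listed in the manifest; anything not listed still has to be inspected with the rescue environment's own tools.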