Re: Hacked or not appendice

From: Peter Jeremy (PeterJeremy_at_optushome.com.au)
Date: 06/12/04

    Date: Sun, 13 Jun 2004 07:29:26 +1000
    To: Thordur Ivar <thib@mi.is>
    
    

    On Sat, 2004-Jun-12 13:03:07 +0000, Thordur Ivar wrote:
    >I have on a CD a number of binaries ( sources actually ) ( e.g. ls,
    >find, grep, awk, sed, locate etc. ) and when I believe that a
    >machine has been cracked I remove the network cable from that machine
    >and mount the cdrom build the sources and start looking. If I need
    >something in that process I put it on my USB memstick from a 'trusted
    >machine' and move it by hand over.

    [Please wrap your mail before 80 characters]

    Why would you trust the toolchain on a potentially hacked machine?
    There's an old paper by Ken Thompson that discusses patching the C
    compiler to recognize the login sources and re-introduce a backdoor -
    even if it was removed from the login sources.

    You would be much better off booting a fixit CD-ROM and using that
    rather than trusting anything on the potentially hacked system.

    -- 
    Peter Jeremy
    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
    
