Re: chfn, date, chsh INFECTED according to chkrootkit

From: Thordur Ivar B. (thib_at_mi.is)
Date: 08/18/04

  • Next message: mario.lobo_at_ipad.com.br: "Re: Report of collision-generation with MD5" 
    Date: Wed, 18 Aug 2004 18:35:29 +0000
To: freebsd-security@freebsd.org

    On Wed, 18 Aug 2004 12:41:42 -0400 (EDT)
    Matt Piechota <piechota@argolis.org> wrote:

    > On Wed, 18 Aug 2004, Thordur Ivar B. wrote:
    >
    > > Yes ofcourse you will need to trust your own toolchain and compiler (I keep
    > > "trusted" binarys on CD to use in cases like this. (And for post-mortem
    > > inspection.)
    >
    > I'm curious, where do the "trusted" binaries come from? In theory,
    > the FreeBSD build machine could have been hacked a long time ago and the
    > hack keeps propagating.
    >
    > --
    > Matt Piechota

    Note the "" around trusted. There is no way (besieds manually going through the
    entire src-tree to be sure that the sources are "trust worthy" but I have the
    highest confident of the administrative personnel wich keep's the source safe
    and the machines uncomprimised and the developers in general.

    If I did not "trust" them I would simply shutdown my machines, remove the caples
    and throw it out the window.

    My $0.05 

    -- 
Kv, thib[att]mi{dot}is
A man can do as he will, but not will as he will.
		-- Arthur Schopenhauer
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
  • Next message: mario.lobo_at_ipad.com.br: "Re: Report of collision-generation with MD5"