Re: Hacked or not appendice

看板FB_security作者時間21年前 (2004/06/13 13:33), 編輯推噓0(000)
留言0則, 0人參與, 最新討論串5/5 (看更多)
On Sat, 2004-Jun-12 13:03:07 +0000, Thordur Ivar wrote: >I have on a CD a number of binarys ( sources actually ) ( e.g. ls, >find, grep, awk, sed, locate e.t.c. ) and when I belive that a >machine has been cracked I remove the network cable from that machine >and mount the cdrom build the sources and start looking. If I need >something in that process I put it on my USB memstick from a 'trusted >machine' and move it by hand over. [Please wrap your mail before 80 characters] Why would you trust the toolchain on a potentially hacked machine? There's an old paper by Ken Thompson that dicusses patching the C compiler to recognize the login sources and re-introduce a backdoor - even it was removed from the login sources. You would be much better off booting a fixit CD-ROM and using that rather than trusting anything on the potentially hacked system. -- Peter Jeremy _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
更多 PeterJeremy. 的文章
文章代碼(AID): #10o-Ss00 (FB_security)
更多 PeterJeremy. 的文章
文章代碼(AID): #10o-Ss00 (FB_security)