possible compromise or just misreading logs
Dorin H
bj93542 at yahoo.com
Tue Dec 9 11:32:02 PST 2003
--- Garrett Wollman <wollman at khavrinen.lcs.mit.edu> wrote:
> <<On Mon, 8 Dec 2003 08:04:28 -0800 (PST), Roger Marquis <marquis at roble.com> said:
>
> > Wouldn't affect tripwire. In addition to MD5 you'd need to spoof
> > snefru, crc32, crc16, md4, md2, sha, and haval, and you'd have to
> > spoof them for, at a minimum, the tripwire binary and its database
> > file(s).
>
> Trivial -- all you have to do is keep backup copies of all the files
> replaced, and have the kernel redirect tripwire's access to the
> originals.
>
> -GAWollman
>
Of course, once somebody modifies your kernel, you don't own the machine anymore. Boot a safe kernel :)
/Dorin.
More information about the freebsd-security mailing list