|Jordan K. Hubbard||Nov 30, 1995 12:00 am|
|Robert Du Gaue||Nov 30, 1995 12:54 am|
|Julian H. Stacey||Nov 30, 1995 7:24 am|
|Cy Schubert - BCSC Open Systems Group||Nov 30, 1995 7:48 am|
|Michael Constant||Dec 1, 1995 9:33 pm|
|Jordan K. Hubbard||Dec 2, 1995 1:51 am|
|Robert Du Gaue||Dec 2, 1995 2:30 am|
|Ollivier Robert||Dec 2, 1995 3:32 am|
|Bruce Evans||Dec 2, 1995 4:32 am|
|Robert Watson||Dec 2, 1995 10:14 am|
|Michael Smith||Dec 2, 1995 11:09 am|
|Michael Smith||Dec 2, 1995 12:37 pm|
|Robert Watson||Dec 2, 1995 12:56 pm|
|Jordan K. Hubbard||Dec 2, 1995 1:59 pm|
|John Goerzen||Dec 2, 1995 8:11 pm|
|Jordan K. Hubbard||Dec 3, 1995 12:48 am|
|John Goerzen||Dec 3, 1995 11:45 pm|
|Garrett A. Wollman||Dec 4, 1995 7:12 am|
|Brown, James F.||Dec 5, 1995 12:40 pm||.dat|
|From:||Robert Watson (rob...@fledge.watson.org)|
|Date:||Dec 2, 1995 12:56:42 pm|
/usr/local/bin, some systems have /usr/contrib/bin, /usr/libexec, /usr/local/libexec, /usr/local/sbin, also do your libs -- /usr/lib, /usr/local/lib, if you haev X, /usr/X11R6/bin, /usr/X11R6/lib, /stand if you use it.. and /lkm.
In fact, it occurs to me that if you're really concerned, maybe it would be best just to reinstall FreeBSD on that system? Or use the upgrade package in 2.1.0 to overwrite the distribution itself (backing up heavily first, though.) That way you know that things are configured/installed without backdoors (assuming you trust Jordan, and I think most of us do :). Kind of a pain for a often-used system with a lot of personal configuration details, but..
Anyhow, that's what I'd do. Also, if you haven't yet, file a report with CERT and scan their archives for stuff that might be relevant. Also, you might check to see if the most recent ftp related CERT advisory effects you -- I think there's probably a group of people who read the advisories, and test their ISP at once :). Unless you've changed your ftp config under FreeBSD to enable it, it shouldn't work, though.
On Sat, 2 Dec 1995, Robert Du Gaue wrote:
I plan on rebuilding a new system from scratch, then I'll wipe all the bin directories clena on the compromised systems and use the rebuilt system to update all the bins. Which should I do?
/bin /sbin /usr/sbin /usr/bin Where else? I know there are alot I'm missing...
On Sat, 2 Dec 1995, Robert Watson wrote:
Date: Sat, 2 Dec 1995 13:14:42 -0500 (EST) From: Robert Watson <rob...@fledge.watson.org> To: "Jordan K. Hubbard" <jk...@time.cdrom.com> Cc: Michael Smith <msm...@atrad.adelaide.edu.au>, Robert Du Gaue <rdug...@calweb.com>, secu...@FreeBSD.ORG Subject: Re: ****HELP*****
Actually, what might be nice is to include the MD5's with the system, and have a script in daily.local that verifies that the key system binaries are correct. Obviously then the md5 file would be at risk, but.. This would also be nice, unrelated to the daily part, after an upgrade to check if there are any old binaries lying around.
Actually, one thing I was going to ask about was -- is there a difference between the 2.1.0 binaries for standard executables (eg., pine) and the 2.0.5 ones? Is there anyway I can use strings (or something) to get a list of all the old binaries on my system and upgrade them if needed?
On Sat, 2 Dec 1995, Jordan K. Hubbard wrote:
Jordan; how hard would it be to generate a file with the md5's of a stock release system's "standard binaries" for this sort of thing?
Probably not too hard. Let me think about it. You'd want a file for each distrib, probably.