On Thu, 9 Feb 2012, Jason Fergus <le...@thefnords.org> wrote: > Out of curiosity, couldn't one technically boot up a liveCD, mount the > drive(s) and then download the .debs individually, then extract them > over the mounted partitions, effectively copying over all of the > binaries.
There is the possibility of SUID binaries not owned by packages and the issue of configuration files which have malicious changes. The best thing to do is to install all the same packages on a new system and then run a "diff -r" on the /etc directory and determine which differences are desired configuration changes and which might have been made by the attacker. -- My Main Blog http://etbe.coker.com.au/ My Documents Blog http://doc.coker.com.au/ -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/201202091529.38623.russ...@coker.com.au
