Mike Hoskins wrote:
>
> On Fri, 20 Jul 2001, Tom wrote:
>
> > But if a backdoor is installed, you can't trust cvsup, or make either.
> > Any binary could have been tampered with. For instance, I would make a
> > backdoor make that would detect that an installworld is underway, and
> > always make sure that a backdoored copy of of "login" and another copy of
> > "make".
>
> What? Everyone can't just do a quick check against the saved tripwire
> checksums on CD-R? ;) Seriously. While checksuming an entire system can
> be impractical, keeping checksums for a barebones set of administrative
> tools can be a lifesaver.
You need to boot off of the CDROM first, otherwise you might have an
evil
kernel module loaded that can send bogus data to your checksummer when
it
reads from the disk. It's not quite as easy as just mounting the CD and
running the checksums.
--
\ |_ _|__ __|_ \ __| Jason Andresen [EMAIL PROTECTED]
|\/ | | | / _| Network and Distributed Systems Engineer
_| _|___| _| _|_\___| Office: 703-883-7755
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-stable" in the body of the message
