[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: [linux-security] Re: Re: Bind Overrun Bug and Linux

From: Leigh Porter <leigh wisper net>
To: linux-security redhat com
Subject: Re: [linux-security] Re: Re: Bind Overrun Bug and Linux
Date: Fri, 22 May 1998 13:05:35 +0000

Duncan Simpson wrote:

> A recent CERT advisory said the sort of things we expect
>
> ps, pstree, netstat, ls, etc  omit interesting information that you might not
>                               want to reveal.
> bind                          xterm backdoor.
>
> It has not happened to me so I do not know myself. Last time I recompiled
> everything from known clean source and it was *not fun*. I checked for hidden
> processes and stuff like that using echo * instead of ls (which is one of the
> most likely things to be trojanised).

I keep a secret store of such handy things as ls, ps etc on all my systems and
every
night I have a process check the md5sum of every config/binary/lib on the box
and report any problems to me.

No it's not fun :)

--
Leigh Porter

Follow-Ups:
- Re: [linux-security] Re: Re: Re: Bind Overrun Bug and Linux
  - From: Wietse Venema

References:
- Re: [linux-security] Re: Bind Overrun Bug and Linux
  - From: Duncan Simpson

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]