On Mon, 10 Sep 2001, Matt Block wrote: > It compiles the executable (using a potentially > compromized gcc, ld, etc.) and copies it (using a potentially > compromized cp) I think this needs to be emphasized...just in case anyone missed it. "using a potentially compromised gcc, ld, etc." "using a potentially compromised cp" And, unless I'm mistaken, the resulting executable will then proceed to re-infect everything after cleaning it first. Social engineering, or major oversight??? -- Jonathan Rickman X Corps Security http://www.xcorps.net ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Mon Sep 10 2001 - 14:28:07 PDT