Re: /bin/login listening?
On 2007-07-29, Celejar <celejar@gmail.com> wrote:
>>
>> That's what I was thinking. But is there any way a rootkit could
>> interfere with my downloading and compiling from source? I was hoping
>> that doing things 'by hand' would limit the possibilities for
>> compromising the result.
>
> In theory, certainly. Your downloading agent is probably invoking
> system libraries, which may be compromised and substituting bad
> source. The system may not even be running your download agent at
> all! Or it may subsequently lie to you and assure you that it's
> running the downloaded app when it really isn't. Whether all this is
> at all plausible is a different question.
>
So if I'm compromised nothing is safe, and the only guaranteed way to
clear this up is to format my harddrive and reinstall. Given that the
only evidence of a problem is a warning about /bin/login listening
from rkhunter, which happened only once, and I have had no other
problems with my net connection or general performance of my laptop,
let alone mysterious withdrawals from my bank account or other signs
of stolen passwords, what should I be doing?
>From the advice received and what I'm reading, I'm getting two very
different messages - I must reinstall to be 100% certain that I'm
safe, and while I can't be 100% certain I'm safe it's pretty unlikely
that I have a real problem.
What would you do in my situation?
Thanks,
Tyler
Reply to: