Path: utzoo!attcan!uunet!lll-winken!lll-tis!helios.ee.lbl.gov!pasteur!agate!bionet!apple!bloom-beacon!bu-cs!purdue!decwrl!sgi!miq@chromavac.SGI.COM
From: miq@chromavac.SGI.COM (Miq Millman)
Newsgroups: comp.sys.sgi
Subject: Re: virus, fix for 3000 part 05 of 05 (last)
Keywords: no article, just file
Message-ID: <21798@sgi.SGI.COM>
Date: 8 Nov 88 19:47:00 GMT
References: <21697@sgi.SGI.COM> <1795@sbcs.sunysb.edu>
Sender: daemon@sgi.SGI.COM
Organization: Silicon Graphics, Inc., Mountain View, CA
Lines: 28

In article <1795@sbcs.sunysb.edu>, root@sbcs.sunysb.edu (root) writes:
> 
> Just a comment on the distribution medium of your updated sendmail - what
> prevents one of the backbone sites from modifying your fixed sendmail so as
> to introduce a trojan horse?  I would recommend against this method
> of distribution, especially for a daemon that normally runs as "root".
> 
> 					Rick Spanbauer
> 					SUNY/Stony Brook

AS I mentioned to Mr. Spanbauer via email, there is nothing stopping it.
However the possiblity of someone at a backbone site doing the following:

	1) knowing EXACTLY when my message will come through his site in
	   advance
	2) knowing how many sections my post would be in advance
	3) having a virus ready and waiting for a post to be made to 
	   comp.sys.sgi that included binaries and being aware of 1 & 2
	4) doing all of the first three things just about the same time
	   a worm is floating around systems

is extremely rare.  And as I mentioned with the 4D version of sendmail, the
only real way to be safe is to remove your machine from all networks. 
--
BLAM! BLAM! BLAM!
"Oh thank you thank you thank you"  {hug}
    "Maam, you are emotionally distraught, I'll contact a rape crisis center"
Miq Millman -- miq@sgi.com or {sun,decwrl,pyramid,ucbvax}!sgi!miq
415 960 1980 x1041 work