Re: /bin/login listening?

On 2007-07-29, Celejar <celejar@gmail.com> wrote:
>>
>> That's what I was thinking. But is there any way a rootkit could
>> interfere with my downloading and compiling from source? I was hoping
>> that doing things 'by hand' would limit the possibilities for
>> compromising the result.
>
> In theory, certainly. Your downloading agent is probably invoking
> system libraries, which may be compromised and substituting bad
> source. The system may not even be running your download agent at
> all! Or it may subsequently lie to you and assure you that it's
> running the downloaded app when it really isn't. Whether all this is
> at all plausible is a different question.
>

So if I'm compromised nothing is safe, and the only guaranteed way to clear this up is to format my harddrive and reinstall. Given that the only evidence of a problem is a warning about /bin/login listening from rkhunter, which happened only once, and I have had no other problems with my net connection or general performance of my laptop, let alone mysterious withdrawals from my bank account or other signs of stolen passwords, what should I be doing?

>From the advice received and what I'm reading, I'm getting two very
different messages - I must reinstall to be 100% certain that I'm safe, and while I can't be 100% certain I'm safe it's pretty unlikely that I have a real problem.

What would you do in my situation?

Thanks,

Tyler

-- 
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org