LFS security problem: break-in

Jesse Tie Ten Quee highos at highos.com
Wed Aug 16 15:29:46 PDT 2000


On Wed, 16 Aug 2000, Peter Wood wrote:
> Errm, correct me if I'm wrong, but doesn't this mean we should have a good look
> at any packages we might have downloaded and (gasp!) installed from pcrdallas?
> Trying to think like a malicious hacker... He/she might think it quite amusing
> to plant doctored packages on a project like LFS, where we have been
> congratulating ourselves on how secure our source-built stuff is.  I don't see
> any md5 sums or gpg keys at pcrdallas.

Hrm... that is scary isn't it?

Considering linuxfromscratch.org is going to be moved soon (right?) it may
be wise to restart that archive.

Jesse Tie Ten Quee - highos at highos dot com

Mail archive: http://www.pcrdallas.com/mail-archives/lfs-discuss
IRC access: server: irc.linuxfromscratch.org port: 6667 channel: #LFS
Unsubscribe: email lfs-discuss-request at linuxfromscratch.org and put
"unsubscribe" (without the quotation marks) in the body of the message
(no subject is required)

More information about the lfs-dev mailing list