LFS security problem: break-in
pe at fs6.pcrentals.com
Wed Aug 16 16:28:00 PDT 2000
> On Wed, 16 Aug 2000, Peter Wood wrote:
> > Errm, correct me if I'm wrong, but doesn't this mean we should have a good look
> > at any packages we might have downloaded and (gasp!) installed from pcrdallas?
> > Trying to think like a malicious hacker... He/she might think it quite amusing
> > to plant doctored packages on a project like LFS, where we have been
> > congratulating ourselves on how secure our source-built stuff is. I don't see
> > any md5 sums or gpg keys at pcrdallas.
> Hrm... that is scary isn't it?
I agree. i have checked and nothing was modified. md5 sums are a good
idea. i will implement the md5 sums for the ftp site.
actually, i am more worried about where we have obtained these
files from. have the download addresses been verified?
lfs ftp/news/mail archive admin
Mail archive: http://www.pcrdallas.com/mail-archives/lfs-discuss
IRC access: server: irc.linuxfromscratch.org port: 6667 channel: #LFS
Unsubscribe: email lfs-discuss-request at linuxfromscratch.org and put
"unsubscribe" (without the quotation marks) in the body of the message
(no subject is required)
More information about the lfs-dev