LFS security problem: break-in

Paul Jensen pe at fs6.pcrentals.com
Wed Aug 16 16:28:00 PDT 2000


> On Wed, 16 Aug 2000, Peter Wood wrote:
> > Errm, correct me if I'm wrong, but doesn't this mean we should have a good look
> > at any packages we might have downloaded and (gasp!) installed from pcrdallas?
> > Trying to think like a malicious hacker... He/she might think it quite amusing
> > to plant doctored packages on a project like LFS, where we have been
> > congratulating ourselves on how secure our source-built stuff is.  I don't see
> > any md5 sums or gpg keys at pcrdallas.
> 
> Hrm... that is scary isn't it?

I agree.  i have checked and nothing was modified.  md5 sums are a good
idea.  i will implement the md5 sums for the ftp site.

actually, i am more worried about where we have obtained these
files from.  have the download addresses been verified?

paul jensen
lfs ftp/news/mail archive admin
www.pcrdallas.com

--
Mail archive: http://www.pcrdallas.com/mail-archives/lfs-discuss
IRC access: server: irc.linuxfromscratch.org port: 6667 channel: #LFS
Unsubscribe: email lfs-discuss-request at linuxfromscratch.org and put
"unsubscribe" (without the quotation marks) in the body of the message
(no subject is required)



More information about the lfs-dev mailing list