LFS security problem: break-in

Paul Jensen pe at fs6.pcrentals.com
Wed Aug 16 18:11:04 PDT 2000


> > > Errm, correct me if I'm wrong, but doesn't this mean we should have a good look
> > > at any packages we might have downloaded and (gasp!) installed from pcrdallas?
> > > Trying to think like a malicious hacker... He/she might think it quite amusing
> > > to plant doctored packages on a project like LFS, where we have been
> > > congratulating ourselves on how secure our source-built stuff is.  I don't see
> > > any md5 sums or gpg keys at pcrdallas.
> > 
> > Hrm... that is scary isn't it?
> 
> I agree.  i have checked and nothing was modified.  md5 sums are a good
> idea.  i will implement the md5 sums for the ftp site.

ok, i have placed a md5sum file listing ( Filelist-md5sum ) in each ftp
directory. feel free to check your sources against these.

> actually, i am more worried about where we have obtained these
> files from.  have the download addresses been verified?

i wonder if there is a way verify the files all the back to the source?  

i don't think that just running http is going to prevent hacks.  New York
times, FBI, CIA and Slashdot sites have been cracked.  perhaps using stack
guard which must be compiled into all your programs might be the way to
go.  if a buffer overflow occurs, the daemon just dies - no root access
occurs.  

the other defense (lids.org) employees a kernel patch that prevents the
modification on binary files even by root.  this might be good for a
public server that is getting attacked daily.

paul jensen
lfs ftp/news/mail archive admin
www.pcrdallas.com

--
Mail archive: http://www.pcrdallas.com/mail-archives/lfs-discuss
IRC access: server: irc.linuxfromscratch.org port: 6667 channel: #LFS
Unsubscribe: email lfs-discuss-request at linuxfromscratch.org and put
"unsubscribe" (without the quotation marks) in the body of the message
(no subject is required)



More information about the lfs-dev mailing list