[clc-devel] Ports servers security

Simone Rota sip at varlock.com
Thu Dec 4 14:16:03 UTC 2003


On Wed, 2003-12-03 at 21:57, Logan Ingalls wrote:
> Not that we're as large of a target for hackers, but one of Gentoo's
> central rsync servers was hacked yesterday:
> 
>   http://lwn.net/Articles/61229/
> 
> I figured this might make a good time to ask: "How secure are
> cvsup.fukt.bth.se and crux.fh-regensburg.de?"
> 
> Logan

Maybe I'm the only one that missed this one,
anyway it seems that also savannah.gnu.org has been
compromised:

http://savannah.gnu.org/statement.html

Sad news.

Back on topic, I said before that I'm not a security
expert; if my machine get compromised, an attacker
could gain access to crux.f-regensburg.de, or at least
to the port tree.
I think the same goes for other maintainers too.
Quite scary, uh?

Maybe we can find a solution to check for maliciuos
cvs commits et similia. As Martin says in this thread,
the only thing to "defend" is the cvs tree; any idea?

Simone




More information about the crux-devel mailing list