From: Patrick Lauer <patrick@gentoo.org>
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] Project Sunrise thread -- a try of clarification
Date: Fri, 09 Jun 2006 22:51:43 +0200 [thread overview]
Message-ID: <1149886303.32544.7.camel@localhost> (raw)
In-Reply-To: <1149884042.22473.150.camel@cgianelloni.nuvox.net>
[-- Attachment #1: Type: text/plain, Size: 1165 bytes --]
On Fri, 2006-06-09 at 16:14 -0400, Chris Gianelloni wrote:
[snip]
> > If someone wanted to exploit boxen he'd use a much simpler attack
> > vector ... our rsync mirrors are wide open. No need to secure the little
> > window over there when the front door is open ...
>
> Really? I'd like you to give me root on rsync.gentoo.org, then. What's
> that? You can't? What a wonder!
I don't need that ...
Look, three-step plan to hacking Gentoo boxen:
1) open a few rsync mirrors and get them into the official rotation
2) replace ebuilds on the server with your preferred rootkit installer
3) harvest all the zombies you just got
Since not all ebuilds are signed and signing is not enforced portage
will not throw any errors if I take care of a few things (fixing
manifests etc.). So any person running an rsync mirror has implicitly
the same level of trust as a dev.
As for the rest of your email, I'd appreciate it if you didn't take this
so personal. There's no need to belittle or insult others to push your
agenda, it should stand on its own technical merits.
Patrick
--
Stand still, and let the rest of the universe move
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 198 bytes --]
next prev parent reply other threads:[~2006-06-09 20:58 UTC|newest]
Thread overview: 142+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-06-08 0:42 [gentoo-dev] [ANNOUNCE] Project Sunrise - Gentoo User Overlay Stefan Schweizer
2006-06-08 13:20 ` Chris Gianelloni
2006-06-08 13:32 ` Thomas Cort
2006-06-08 13:46 ` Chris Gianelloni
2006-06-08 13:59 ` Diego 'Flameeyes' Pettenò
2006-06-08 14:13 ` Stephen P. Becker
2006-06-08 16:29 ` Henrik Brix Andersen
2006-06-08 16:54 ` Lance Albertson
2006-06-08 14:41 ` Jon Portnoy
2006-06-08 15:12 ` Alec Warner
2006-06-08 15:45 ` foser
2006-06-08 16:04 ` [gentoo-dev] " Stefan Schweizer
2006-06-08 16:19 ` Lance Albertson
2006-06-08 16:32 ` Chris Gianelloni
2006-06-08 16:29 ` [gentoo-dev] " Chris Gianelloni
2006-06-08 16:48 ` Chris Bainbridge
2006-06-08 20:12 ` Chris Gianelloni
2006-06-09 1:25 ` Luis Francisco Araujo
2006-06-09 10:12 ` Chris Bainbridge
2006-06-09 11:27 ` Carsten Lohrke
2006-06-09 18:30 ` Luis Francisco Araujo
2006-06-09 19:31 ` [gentoo-dev] " Stefan Schweizer
2006-06-10 9:41 ` Luis Francisco Araujo
2006-06-08 16:02 ` [gentoo-dev] " Chris Gianelloni
2006-06-08 15:29 ` [gentoo-dev] " Stefan Schweizer
2006-06-08 16:27 ` Chris Gianelloni
2006-06-08 18:42 ` Henrik Brix Andersen
2006-06-08 16:59 ` [gentoo-dev] " Chris Bainbridge
2006-06-08 17:10 ` Diego 'Flameeyes' Pettenò
2006-06-08 17:16 ` Patrick McLean
2006-06-09 1:40 ` Luis Francisco Araujo
2006-06-09 10:01 ` Chris Bainbridge
2006-06-09 18:29 ` Luis Francisco Araujo
2006-06-08 15:00 ` Carsten Lohrke
2006-06-08 16:38 ` Josh Saddler
2006-06-08 16:26 ` [gentoo-dev] " Peter
2006-06-08 16:38 ` Ryan Tandy
2006-06-08 18:46 ` Henrik Brix Andersen
2006-06-08 19:51 ` Chris Gianelloni
2006-06-08 20:23 ` [gentoo-dev] " Peter
2006-06-08 20:47 ` Alec Warner
2006-06-08 22:09 ` Chris Gianelloni
2006-06-08 22:31 ` [gentoo-dev] " Peter
2006-06-09 11:08 ` Henrik Brix Andersen
2006-06-09 11:44 ` [gentoo-dev] " Peter
2006-06-09 11:53 ` Diego 'Flameeyes' Pettenò
2006-06-09 12:57 ` Henrik Brix Andersen
2006-06-09 15:39 ` Carsten Lohrke
2006-06-09 18:15 ` Chris Gianelloni
2006-06-09 18:42 ` [gentoo-dev] " Peter
2006-06-10 19:37 ` [gentoo-dev] " Ryan Hill
2006-06-10 20:19 ` [gentoo-dev] Re: Re: " Richard Fish
2006-06-09 2:50 ` [gentoo-dev] " Luis Francisco Araujo
2006-06-09 1:16 ` [gentoo-dev] " Luis Francisco Araujo
2006-06-08 16:57 ` [gentoo-dev] " Grant Goodyear
2006-06-08 17:26 ` Alec Warner
2006-06-08 20:20 ` Luca Barbato
2006-06-08 22:05 ` Chris Gianelloni
2006-06-08 18:58 ` [gentoo-dev] Project Sunrise thread -- a try of clarification Markus Ullmann
2006-06-08 19:18 ` Lance Albertson
2006-06-08 19:20 ` Henrik Brix Andersen
2006-06-08 19:52 ` Peter Volkov (pva)
2006-06-08 19:52 ` Peter Volkov (pva)
2006-06-08 20:35 ` Ciaran McCreesh
2006-06-08 21:05 ` Henrik Brix Andersen
2006-06-08 22:14 ` Chris Gianelloni
2006-06-08 19:57 ` Markus Ullmann
2006-06-08 22:02 ` Chris Gianelloni
2006-06-08 22:22 ` Donnie Berkholz
2006-06-08 23:45 ` Chris Gianelloni
2006-06-08 21:05 ` Stuart Herbert
2006-06-08 21:21 ` Henrik Brix Andersen
2006-06-08 22:03 ` Stuart Herbert
2006-06-09 11:29 ` Carsten Lohrke
2006-06-09 12:04 ` [gentoo-dev] " Stefan Schweizer
2006-06-09 15:44 ` Carsten Lohrke
2006-06-09 15:44 ` Danny van Dyk
2006-06-09 15:48 ` Danny van Dyk
2006-06-09 15:49 ` Danny van Dyk
2006-06-09 18:24 ` Chris Gianelloni
2006-06-09 19:01 ` [gentoo-dev] " Stefan Schweizer
2006-06-15 7:55 ` Mike Frysinger
2006-06-15 8:07 ` [gentoo-dev] " Stefan Schweizer
2006-06-11 13:42 ` [gentoo-dev] " Christian Birchinger
2006-06-11 16:48 ` Henrik Brix Andersen
2006-06-09 3:06 ` [gentoo-dev] " Luis Francisco Araujo
2006-06-08 19:38 ` Diego 'Flameeyes' Pettenò
2006-06-08 21:57 ` Chris Gianelloni
2006-06-08 22:30 ` Markus Ullmann
2006-06-09 0:06 ` Chris Gianelloni
2006-06-09 0:49 ` Markus Ullmann
2006-06-09 1:08 ` Ciaran McCreesh
2006-06-09 19:06 ` Christel Dahlskjaer
2006-06-09 19:32 ` Ciaran McCreesh
2006-06-09 20:54 ` Chris Gianelloni
2006-06-09 22:22 ` Christel Dahlskjaer
2006-06-09 12:16 ` Chris Gianelloni
2006-06-09 12:42 ` Brian Harring
2006-06-09 13:06 ` Henrik Brix Andersen
2006-06-09 18:35 ` Chris Gianelloni
2006-06-09 8:28 ` Patrick Lauer
2006-06-09 9:06 ` Jakub Moc
2006-06-09 9:20 ` Diego 'Flameeyes' Pettenò
2006-06-09 16:30 ` Chris Gianelloni
2006-06-09 10:01 ` Edward Catmur
2006-06-09 10:24 ` Stuart Herbert
2006-06-09 21:31 ` Ciaran McCreesh
2006-06-09 10:33 ` Jakub Moc
2006-06-09 17:06 ` Chris Gianelloni
2006-06-09 17:55 ` Peper
2006-06-09 18:12 ` Jakub Moc
2006-06-09 18:26 ` Daniel Ostrow
2006-06-09 21:26 ` Chris Gianelloni
2006-06-09 16:50 ` Chris Gianelloni
2006-06-09 17:05 ` Donnie Berkholz
2006-06-09 19:12 ` Chris Gianelloni
2006-06-09 19:25 ` Donnie Berkholz
2006-06-09 16:20 ` Chris Gianelloni
2006-06-09 16:40 ` Andrew Gaffney
2006-06-09 17:41 ` Patrick Lauer
2006-06-09 20:14 ` Chris Gianelloni
2006-06-09 20:32 ` Donnie Berkholz
2006-06-10 9:40 ` Luis Francisco Araujo
2006-06-09 20:51 ` Patrick Lauer [this message]
2006-06-09 21:22 ` Chris Gianelloni
2006-06-09 21:45 ` Andrea Barisani
2006-06-09 21:29 ` Lance Albertson
2006-06-09 21:54 ` Patrick Lauer
2006-06-10 10:31 ` Luis Francisco Araujo
2006-06-10 14:27 ` Chris Gianelloni
2006-06-11 8:33 ` Kevin F. Quinn
2006-06-11 11:05 ` Josh Saddler
2006-06-09 8:41 ` Stuart Herbert
2006-06-08 20:05 ` [gentoo-dev] [ANNOUNCE] Project Sunrise - Gentoo User Overlay Wernfried Haas
2006-06-08 20:18 ` Markus Ullmann
2006-06-09 0:53 ` [gentoo-dev] " Stefan Schweizer
2006-06-09 7:40 ` Edward Catmur
2006-06-09 8:34 ` [gentoo-dev] Re: [ANNOUNCE] Project Sunrise - Alternative? @4u
2006-06-09 10:05 ` [gentoo-dev] Re: [ANNOUNCE] Project Sunrise - Gentoo User Overlay Chris Bainbridge
2006-06-09 12:21 ` Ciaran McCreesh
2006-06-09 11:28 ` Carsten Lohrke
2006-06-09 17:13 ` Chris Gianelloni
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1149886303.32544.7.camel@localhost \
--to=patrick@gentoo.org \
--cc=gentoo-dev@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox