[gentoo-dev] The Free Software Foundation's FTP site at ftp.gnu.org has been "compromised"

[gentoo-dev] The Free Software Foundation's FTP site at ftp.gnu.org has been "compromised"

[Ned Ludd]

Cant get much worse than this.

http://developers.slashdot.org/developers/03/08/13/1530239.shtml?tid=117&tid=126&tid=172&tid=99

After reading that it would be great if one of our list readers could
gather all the md5sums for matching packages that we support.

http://ftp.gnu.org/MISSING-FILES

-- 
Ned Ludd <solar@gentoo.org>
Gentoo Linux Developer (Hardened)


--
gentoo-dev@gentoo.org mailing list

Re: [gentoo-dev] The Free Software Foundation's FTP site at ftp.gnu.org has been"compromised"

[Fred Van Andel]

Ned Ludd <solar@gentoo.org> wrote:
(08/13/2003 09:56)

>After reading that it would be great if one of our list readers could
>gather all the md5sums for matching packages that we support.
>
>http://ftp.gnu.org/MISSING-FILES

The current distfile mirrors currently contain about 90 of the mentioned files, they are listed below.  I am currently checking the the md5 in portage against the ones that I calculated about a month ago. If someone could check the dates to see how many of these files arrived on our system before mid march we could rule them safe.

aspell-br-0.50-2.tar.bz2
aspell-ca-0.50-2.tar.bz2
aspell-cs-0.50-2.tar.bz2
aspell-cy-0.50-3.tar.bz2
aspell-da-0.50-2.tar.bz2
aspell-de-0.50-2.tar.bz2
aspell-el-0.50-3.tar.bz2
aspell-en-0.50-2.tar.bz2
aspell-en-0.51-0.tar.bz2
aspell-eo-0.50-2.tar.bz2
aspell-es-0.50-2.tar.bz2
aspell-fo-0.50-2.tar.bz2
aspell-fr-0.50-3.tar.bz2
aspell-it-0.50-2.tar.bz2
aspell-nl-0.50-2.tar.bz2
aspell-no-0.50-2.tar.bz2
aspell-pl-0.50-2.tar.bz2
aspell-pt-0.50-2.tar.bz2
aspell-ro-0.50-2.tar.bz2
aspell-ru-0.50-2.tar.bz2
aspell-sk-0.50-2.tar.bz2
aspell-sv-0.50-2.tar.bz2
aspell-uk-0.50-3.tar.bz2
aspell-0.50.2.tar.gz
aspell-0.50.3.tar.gz
auctex-11.13.tar.gz
auctex-11.14.tar.gz
autoconf-2.54.tar.bz2
clisp-2.30.tar.bz2
commoncpp2-1.0.1.tar.gz
commoncpp2-1.0.3.tar.gz
commoncpp2-1.0.9.tar.gz
treecc-0.2.4.tar.gz
ml-pnet-0.5.8.tar.gz
pnet-0.5.8.tar.gz
pnetC-0.5.8.tar.gz
pnetlib-0.5.8.tar.gz
ml-pnet-0.5.10.tar.gz
pnet-0.5.10.tar.gz
pnetC-0.5.10.tar.gz
pnetlib-0.5.10.tar.gz
treecc-0.2.6.tar.gz
electric-6.07.tar.gz
emacs-21.3.tar.gz
leim-21.3.tar.gz
gcl-2.5.2.tar.gz
gcl-2.5.3.tar.gz
glibc-2.3.1.tar.gz
glibc-linuxthreads-2.3.1.tar.gz
GNUnet-0.5.1a.tar.bz2
GNUnet-0.4.6.tar.bz2
GNUnet-0.5.2a.tar.bz2
GNUnet-0.5.4.tar.bz2
gprolog-1.2.16.tar.gz
grep-2.5.1.tar.gz
groff-1.18.1.tar.gz
guile-1.6.4.tar.gz
help2man-1.29.tar.gz
jwhois-3.2.0.tar.gz
jwhois-3.2.1.tar.gz
less-378.tar.gz244971
libtool-1.4.3.tar.gz
mc-4.5.55.tar.gz
nano-1.2.1.tar.gz
cvs-1.11.1p1.tar.gz
cvs-1.11.2.tar.gz
ispell-3.2.06.tar.gz
libosip-0.8.8.tar.gz
libosip-0.9.6.tar.gz
parted-1.6.6.tar.gz
pth-1.4.1.tar.gz
sed-4.0.1.tar.gz
sed-4.0.3.tar.gz
sed-4.0.5.tar.gz
sed-4.0.6.tar.gz
sed-4.0.7.tar.gz
sed-4.0.tar.gz
slib2d2.zip
slib2d3.zip
texinfo-4.5.tar.gz
which-2.13.tar.gz
which-2.14.tar.gz
xboard-4.2.6.tar.gz

Fred Van Andel
fava@gentoo.org
GPG KeyID: 76526AD599455482  
GPG fingerprint: 64E4 4BAB 9C99 D565 3E3C F5D0 7652 6AD5 9945 5482


--
gentoo-dev@gentoo.org mailing list

Re: [gentoo-dev] The Free Software Foundation's FTP site at ftp.gnu.org has been"compromised"

[Paul de Vrieze]

[-- Attachment #1: signed data --]
[-- Type: text/plain, Size: 850 bytes --]

On Wednesday 13 August 2003 20:22, Fred Van Andel wrote:
> Ned Ludd <solar@gentoo.org> wrote:
> (08/13/2003 09:56)
>
> >After reading that it would be great if one of our list readers could
> >gather all the md5sums for matching packages that we support.
> >
> >http://ftp.gnu.org/MISSING-FILES
>
> The current distfile mirrors currently contain about 90 of the mentioned
> files, they are listed below.  I am currently checking the the md5 in
> portage against the ones that I calculated about a month ago. If someone
> could check the dates to see how many of these files arrived on our system
> before mid march we could rule them safe.

Also, we probably have many digests in CVS. I think we could trust cvs/cvsweb 
too

Paul

-- 
Paul de Vrieze
Gentoo Developer
Mail: pauldv@gentoo.org
Homepage: http://www.devrieze.net

[-- Attachment #2: signature --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

Re: [gentoo-dev] The Free Software Foundation's FTP site at ftp.gnu.org has been"compromised"

[Fred Van Andel]

Fred Van Andel <fava@gentoo.org> wrote:
(08/13/2003 11:22)

>Ned Ludd <solar@gentoo.org> wrote:
>(08/13/2003 09:56)
>
>>After reading that it would be great if one of our list readers could
>>gather all the md5sums for matching packages that we support.
>>
>>http://ftp.gnu.org/MISSING-FILES
>
>The current distfile mirrors currently contain about 90 of the mentioned files, they are listed below.  I am currently checking the the md5 in portage against the ones that I calculated about a month ago. If someone could check the dates to see how many of these files arrived on our system before mid march we could rule them safe.

I am talking to myself here but whatever.

All the MD5's that I calculated about a month ago match the MD5's that are given in portage (which would have been created at the time the ebuild was created).  This does not mean that those files are safe, it just means they have not been altered between the ebuild creation and a month ago   If the MD5's were different we would need to do some very carefull checking.

I dont have time now (I am at work) but can someone check the dates of the affected files to see if they are potentially suspect?

Fred Van Andel
fava@gentoo.org
GPG KeyID: 76526AD599455482  
GPG fingerprint: 64E4 4BAB 9C99 D565 3E3C F5D0 7652 6AD5 9945 5482


--
gentoo-dev@gentoo.org mailing list

Re: [gentoo-dev] The Free Software Foundation's FTP site at ftp.gnu.org has been"compromised"

[Georgi Georgiev]

> I dont have time now (I am at work) but can someone check the dates of the
> affected files to see if they are potentially suspect?

Not good enough, is it? One can use "touch" to set the date to anything they
want.

-- 
 /   Georgi Georgiev    / Life is like an egg stain on your chin --     /
\     chutz@gg3.net    \  you can lick it, but it still won't go away. \
 /  +81(90)6266-1163    /                                               /

--
gentoo-dev@gentoo.org mailing list

Re: [gentoo-dev] The Free Software Foundation's FTP site at ftp.gnu.org has been"compromised"

[Fred Van Andel]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On August 13, 2003 10:03 pm, Georgi Georgiev wrote:
> > I dont have time now (I am at work) but can someone check the
> > dates of the affected files to see if they are potentially
> > suspect?
>
> Not good enough, is it? One can use "touch" to set the date to
> anything they want.

Yes you can, but only a truly incompetent cracker would set the date 
to be anything other than the date of the original file. The idea 
is to hide the fact that the file has changed, not broadcast it.

- -- 
Fred Van Andel
fava@gentoo.org
GPG KeyID: 76526AD599455482  
GPG fingerprint: 64E4 4BAB 9C99 D565 3E3C F5D0 7652 6AD5 9945 5482
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE/OyVvdlJq1ZlFVIIRAsmhAKDTMPI5x/SI1cGoB71ot4M3j/RjhwCgvxEd
XmAHpvSEIwr5hR7bkpA+x2o=
=xGYQ
-----END PGP SIGNATURE-----


--
gentoo-dev@gentoo.org mailing list

Re: [gentoo-dev] The Free Software Foundation's FTP site at ftp.gnu.org has been"compromised"

[Paul de Vrieze]

[-- Attachment #1: signed data --]
[-- Type: text/plain, Size: 810 bytes --]

On Thursday 14 August 2003 08:00, Fred Van Andel wrote:
> On August 13, 2003 10:03 pm, Georgi Georgiev wrote:
> > > I dont have time now (I am at work) but can someone check the
> > > dates of the affected files to see if they are potentially
> > > suspect?
> >
> > Not good enough, is it? One can use "touch" to set the date to
> > anything they want.
>
> Yes you can, but only a truly incompetent cracker would set the date
> to be anything other than the date of the original file. The idea
> is to hide the fact that the file has changed, not broadcast it.

I think it is better to look when the specific digest was added to cvs. As far 
as I know our cvs has not been compromised.

Paul

-- 
Paul de Vrieze
Gentoo Developer
Mail: pauldv@gentoo.org
Homepage: http://www.devrieze.net

[-- Attachment #2: signature --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

Re: [gentoo-dev] The Free Software Foundation's FTP site at ftp.gnu.org has been"compromised"

[Ned Ludd]

FSF posted a summary of what happend to them here
http://ftp.gnu.org/MISSING-FILES.README

I compared the md5sum's of the files I had in my (2.1 G) distfiles to
the md5sums they posted and they all matched thankfully.

heres a url to the simple bash script I used to compare the checksums
http://dev.gentoo.org/~solar/gnu.md5sum.check

On Thu, 2003-08-14 at 06:26, Paul de Vrieze wrote:
> On Thursday 14 August 2003 08:00, Fred Van Andel wrote:
> > On August 13, 2003 10:03 pm, Georgi Georgiev wrote:
> > > > I dont have time now (I am at work) but can someone check the
> > > > dates of the affected files to see if they are potentially
> > > > suspect?
> > >
> > > Not good enough, is it? One can use "touch" to set the date to
> > > anything they want.
> >
> > Yes you can, but only a truly incompetent cracker would set the date
> > to be anything other than the date of the original file. The idea
> > is to hide the fact that the file has changed, not broadcast it.
> 
> I think it is better to look when the specific digest was added to cvs. As far 
> as I know our cvs has not been compromised.
> 
> Paul
-- 
Ned Ludd <solar@gentoo.org>
Gentoo Linux Developer (Hardened)


--
gentoo-dev@gentoo.org mailing list