lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20111001141751.GA8937@zeus>
Date:	Sat, 1 Oct 2011 09:17:51 -0500
From:	akwatts@...il.com
To:	Greg KH <greg@...ah.com>
Cc:	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Re: kernel.org status: hints on how to check your machine for
 intrusion

Greg, many thanks for providing these helpful hints for assessing 
system integrity.

On Fri, Sep 30, 2011 at 04:59:24PM -0700, Greg KH wrote:
> The compromise of kernel.org and related machines has made it clear that
> some developers, at least, have had their systems penetrated.  As we
> seek to secure our infrastructure, it is imperative that nobody falls
> victim to the belief that it cannot happen to them.  We all need to
> check our systems for intrusions.  Here are some helpful hints as
> proposed by a number of developers on how to check to see if your Linux
> machine might be infected with something:

I understand that git repos are protected from ex-post tampering by a
rolling sha-1 hash. However, is it possible that code submissions were
faked during the intrusion window and pulled by legitimate subsystem
or system managers?

The intrusion on kernel.org has been dated as potentially weeks
before 8/28 which means many tarballs (that common users rely on more
than git) were posted after that.

Can we confirm a few things?

a) do we know have a better estimate on the date of the initial breach?
b) is there any chance that the signing key (517D0F0E) was compromised?
c) can someone with verifiably clean code (i.e. not just downloads from
   kernel.org) post checksums (md5,sha1,rmd160) for official tarball
   releases since say 3/2011 (both full kernel and patches)?

Many thanks.

~ Andy

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ