| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 1 Oct 2011 22:30:58 -0500 From: Andy <akwatts@...il.com> To: Greg KH <greg@...ah.com> Cc: tmhikaru@...il.com, Willy Tarreau <w@....eu>, Linux Kernel Mailing List <linux-kernel@...r.kernel.org>, hpa@...or.com Subject: Re: kernel.org status: hints on how to check your machine for intrusion On Sat, Oct 01, 2011 at 07:26:43PM -0700, Greg KH wrote: > On Sat, Oct 01, 2011 at 09:58:38PM -0400, tmhikaru@...il.com wrote: > > Any way we could get something like this verification done for the > > 3.0.x stable kernels? I'm currently stuck without any way known to me to > > verify that any of the patches I downloaded from kernel.org before it went > > down are actually correct. > > I already sent a signed copy of the 3.0.4 patch that applies on top of > the 3.0 kernel to the linux-kernel mailing list a few days ago. > > That should be fine for what you need right now, right? > > greg k-h Greg: Would it be possible for you to build on the great work already done by Willy and provide the signature's he missed (they cluster around the more recent branches which happen to be the tarballs most likely to have been downloaded during the intrusion window). Maybe it makes sense to generate sha-256 fingerprints, as H. Peter says, rather than the less collision-resistant md5. Very few people probably have as complete a local git repo as you do. ~ Andy -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists