| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4E8D1D0A.6020003@canonical.com> Date: Wed, 05 Oct 2011 20:14:18 -0700 From: John Johansen <john.johansen@...onical.com> To: "H. Peter Anvin" <hpa@...or.com> CC: Ted Ts'o <tytso@....edu>, Josh Triplett <josh@...htriplett.org>, linux-kernel@...r.kernel.org, Jiri Kosina <jkosina@...e.cz> Subject: Re: kernel.org status: establishing a PGP web of trust On 10/03/2011 09:52 PM, H. Peter Anvin wrote: > On 10/03/2011 09:49 PM, Ted Ts'o wrote: >> >> Note that if your laptop allows incoming ssh connections, and you >> logged into master.kernel.org with ssh forwarding enabled, your laptop >> may not be safe. So be very, very careful before you assume that your >> laptop is safe. At least one kernel developer, after he got past the >> belief, "surely I could have never had my machine be compromised", >> looked carefully and found rootkits on his machines. >> >> - Ted > > By the way, I'm now pretty convinced that allowing inbound ssh on > laptops (which is the default on all the mainline Linux distros as far > as I know) is seriously broken... laptops get connected to *extremely* > insecure networks on just way too regular a basis. > I can't speak for the other distros but Ubuntu does not enable sshd by default. The openssh-server package or ssh meta package must be installed before sshd will be run. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists