Infrastructural attacks on free software

Posted Nov 27, 2003 12:04 UTC (Thu) by ajk (subscriber, #6607)
In reply to: Infrastructural attacks on free software by gleef
Parent article: Infrastructural attacks on free software

> For an added bit of trust, Martin Schulze (or Matt Zimmerman, or another trusted and visible Debian developer) could have posted the MD5 sums of the updated packages onto the debian-security-announce list in a PGP/GPG signed email.

The mailing list server machine was among the compromised, and thus the lists were out of order for several days. It would have taken a lot of time and effort to set up a temporary lists.debian.org, assuming that a backup system was not already set up. Therefore, your idea would not have worked.


Infrastructural attacks on free software

Posted Nov 27, 2003 23:57 UTC (Thu) by daniels (subscriber, #16193)

Err, a few security team members are also DSA (admin team), so it wouldn't have
been too difficult for them to extract the debian-security-announce subscription
list from murphy. They wouldn't have had to have murphy up to send it out; therefore
the idea could well have worked.

I trust the security team and the DSA enough to believe that they would've come
up with a more-than-satisfactory solution to the hypothetical problem, had it
arisen. People don't get to DSA/security because they just went and drank with
the right people - they're there for a reason.

Infrastructural attacks on free software

Posted Dec 4, 2003 9:11 UTC (Thu) by jaalwn (guest, #17500)

I think this hits the crux of the matter.

Irrespective of how the attack occurred, and what had to be done to restore the compromised servers, the real issue was that key Debian services went down, and some services are still down today.

I believe that the folks involved reacted rapidly and appropriately in dealing with the compromise; however, there appears to have been no resource allocated to maintaining continuous service, and hence the disruption to the community.

Imagine an alternative stream of events:

* some hosts discovered to be compromised
* these hosts are isolated / frozen / services go down
> integrity of services is verified
> redundant hosts are activated, service resumes
* forensics are performed on compromised hosts
* compromised hosts are purged / rebuilt
* rebuilt hosts are brought back on-line
* service is switched back to primary hosts

I feel that the biggest disruption was in the communication channels - many folks did not receive the 21st Nov announcement until 25th Nov - it was sent via a host that was then taken down shortly after being posted.

There was also extreme pressure on those performing the forensics to diagnose and cure the problem - because services were down until the diagnosis and cure could be implemented.

I don't think it is possible to guarantee publicly exposed internet hosts as secure. But it IS possible to minimise disruption and provide continuity of service, with some forethought and planning.

All in all, I believe the Debian effort was commendable, and I will be sticking with the dist. I do hope that next time [yes - it will happen!] the communication channels will be maintained - they are an essential part of the community's security.

Jeff
