
Savannah.gnu.org compromised too

Posted Dec 4, 2003 0:51 UTC (Thu) by QuisUtDeus (guest, #14854)
Parent article: Savannah.gnu.org compromised too

Debian's attack was a local one. The Linux kernel attempt (correct me if I am wrong) was attempted by someone with some sort of CVS access. Now another local one.

Is this perhaps some sleepers that have gotten local access to servers and now are taking advantage of it? Or perhaps, some developers have been "bribed" to allow improper use of their access?

The Gentoo server was not theirs, and so it remains to be seen if it looks like it might have been an "inside job."

Or is someone finding a way to get remote access to user accounts in a new way or by brute force?

The findings from Debian and Gentoo should help answer this.

Anyway, attacks are always possible, whether sponsored by a large enemy like M$ or not. The right answer is still to fix the weaknesses that allowed them, and then perhaps to evaluate any trust relationships that might have been abused.

This is still a small fraction of the more devastating results of world-wide Windows-based viruses and exploits.

-
Domine, miserere nobis.



Savannah.gnu.org compromised too

Posted Dec 4, 2003 1:09 UTC (Thu) by sward (subscriber, #6416)

The actual damage from these attacks hasn't been much, true. But the potential damage, if these had gone undetected for long enough, was considerable - because of the "leverage" to be gained by attacking a distribution repository such as this. I imagine that at least part of the cracker(s)' motivation was that leverage effect.

I just hope the GNU folks are on their toes; backdooring GCC would provide even more leverage...

It may not be "bad" developers

Posted Dec 4, 2003 3:06 UTC (Thu) by Ross (subscriber, #4065)

It may not have been the developer's fault. I'm pretty sure that in the
Debian incident the developer's account was being used by someone else
who had sniffed his or her password. Maybe the intruder(s) compromised a
bunch of desktops and has been collecting passwords?

I also remember that the FSF's ftp site was compromised by an "inside"
job a few months back... or maybe it was the Savannah server after all.
My memory isn't that wonderful.

It may not be "bad" developers

Posted Dec 4, 2003 4:01 UTC (Thu) by piman (subscriber, #8957)

This is the case with Debian; a developer's home system (or one of his/her home systems) had been compromised, and so the attacker got the password (or phrase) when she/he logged into a Debian server.

Savannah.gnu.org compromised too

Posted Dec 4, 2003 4:00 UTC (Thu) by piman (subscriber, #8957)

> The Linux kernel attempt (correct me if I am wrong) was attempted by someone with some sort of CVS access.

The Linux kernel CVS is publicly readable, writable by no one. It's mirrored from the BK repository. The only people with "CVS access" who can't be tracked via BK commits are BitMover employees. So, you're wrong. :)

Savannah.gnu.org compromised too

Posted Dec 4, 2003 8:29 UTC (Thu) by NAR (subscriber, #1313)

> Or perhaps, some developers have been "bribed" to allow improper use of their access?

I'm afraid most of the developers' computers might not be as secure as they should be, so if a cracker gets in, he can easily get into the project server if the developer has shell access there :-(

Bye, NAR

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds