
Gentoo's GitHub mirror compromise incident report

LWN reported on June 29 that Gentoo's GitHub mirror had been compromised. Gentoo now considers the incident resolved and the full report is available. "An unknown entity gained control of an admin account for the Gentoo GitHub Organization and removed all access to the organization (and its repositories) from Gentoo developers. They then proceeded to make various changes to content. Gentoo Developers & Infrastructure escalated to GitHub support and the Gentoo Organization was frozen by GitHub staff. Gentoo has regained control of the Gentoo GitHub Organization and has reverted the bad commits and defaced content."


Posted Jul 4, 2018 21:32 UTC (Wed) by Karellen (subscriber, #67644) [Link] (4 responses)

Sorry, my brain must be playing up, but what *is* the "Gentoo Github Organization"? And how can someone remove people's access to an organization? I don't understand what that means.

I've done a quick search for "Gentoo Github Organization", and the only hits I get are to the incident, and stories about the incident, with none of the ones I've looked at explaining what this organization is, what it does, or how it operates.


Posted Jul 4, 2018 21:36 UTC (Wed) by mpr22 (subscriber, #60784) [Link] (1 responses)

Searching for github organization -gentoo gets me to a Github blog post about the Organizations feature, which looks at least superficially informative.


Posted Jul 6, 2018 15:37 UTC (Fri) by Karellen (subscriber, #67644) [Link]

Yup, that's exactly what I was looking for. Thanks!


Posted Jul 5, 2018 3:20 UTC (Thu) by jcorgan (subscriber, #47213) [Link] (1 responses)

Github, the source code repository service that Gentoo uses as a backup, has a feature where groups of developers can have an "Organization" to organize various rights to do different things on the website. Typically the "... Github Organization" is made admin and then different developers are made members of the org. In this case it looks like an attacker gained access to that admin group and went from there.


Posted Jul 6, 2018 15:33 UTC (Fri) by Karellen (subscriber, #67644) [Link]

Oh, so it's an account, or a type of account, or like a group (as in a Unix group).

OK, that makes sense. I thought they were talking about an actual organization.


Copyright © 2018, Eklektix, Inc.