http://ciac.llnl.gov/ciac/bulletins/k-035.shtml
This was a problem which resulted in a backdoor on some Red Hat 6.2
back in April last year.
Does anyone know if binary rpms from places like rpmfind.net
are peer reviewed at all? Is it purely a trust system, even for
the user-contributed areas?
Regards,
Sonam
Jon Carnes wrote:
>
> On Wednesday 21 March 2001 17:15, Rick Welykochy wrote:
> > Hi Sluggers,
> >
> > Has anyone run across any evidence of distributed open-source
> > binary packages (i.e. *not* compiled at home) that contain nasty
> > code, trojans, worms, etc?
> >
> > Of course, your first line of defense is comparing MD5 sums, but
> > even those can be changed to suit an altered binary.
> >
> > And a related question would be has anyone uncovered evidence of
> > actual source code containing surreptitious bits of nastiness?
> >
> > --
> > Rick Welykochy || Praxis Services Pty Limited
>
> About three years back there was a widely used rpm that had a backdoor built
> into it by a joker who had fixed a bug and introduced a backdoor at the same
> time.
>
> I cannot remember exactly what it was, but I remember it was major, like Bind
> or FTP.
>
> Jon Carnes
--
Electronic Commerce
Corporate Express Australia Ltd.
Phone: +61-2-9335-0725 Fax: +61-2-9335-0753
--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug