On Tue, Nov 23, 2010 at 01:32:30PM +0100, Luc Verhaegen wrote: > Radeonhd repo: > http://cgit.freedesktop.org/xorg/driver/xf86-video-radeonhd/commit/?h=spigot > > author SPIGOT <[email protected]> 2010-11-02 04:21:14 (GMT) > committer SPIGOT <[email protected]> 2010-11-02 04:21:14 (GMT) > commit 231683e2f111bb064125f64f2da797d744cde7fa (patch) > ... > PERHAPS BONGHITS WILL FIX MY MAKEFILE > Signed-off-by: SPIGOT <[email protected]> > > Very funny, but the person responsible forgot that maybe, this puts the > whole trust in anything on fd.o at risk. > > A look at the repo itself shows: > > ...xf86-video-radeonhd/objects$ ls -al > 23/1683e2f111bb064125f64f2da797d744cde7fa > -r--r--r-- 1 root xorg 205 2010-11-01 21:22 > 23/1683e2f111bb064125f64f2da797d744cde7fa > > This while others clearly show: > > ...xf86-video-radeonhd/objects$ ls -al > 00/8cf170fe2f7d7c52bb691f77d2199a2e21f9d6 > -r--r--r-- 1 mhopf xorg 596 2010-05-12 07:34 > 00/8cf170fe2f7d7c52bb691f77d2199a2e21f9d6 > > So, who has root access to annarchy or any other of the servers, and who > thought this would be funny, and who deserves to lose his access right > here, right now? > > Luc Verhaegen.
It is clear that this is not a normal security breach, as this commit is fully in line with the naming scheme used by fd.o. Plus, given the history of radeonhd, combined with who i think have root access, makes it seem quite likely that this was simply one of the people with regular root access. Luc Verhaegen. _______________________________________________ [email protected]: X.Org development Archives: http://lists.x.org/archives/xorg-devel Info: http://lists.x.org/mailman/listinfo/xorg-devel
