On Tue, Nov 23, 2010 at 01:47:19PM +0100, Luc Verhaegen wrote: > On Tue, Nov 23, 2010 at 01:32:30PM +0100, Luc Verhaegen wrote: > > Radeonhd repo: > > http://cgit.freedesktop.org/xorg/driver/xf86-video-radeonhd/commit/?h=spigot > > > > author SPIGOT <r...@jerkcity.com> 2010-11-02 04:21:14 (GMT) > > committer SPIGOT <r...@jerkcity.com> 2010-11-02 04:21:14 (GMT) > > commit 231683e2f111bb064125f64f2da797d744cde7fa (patch) > > ... > > PERHAPS BONGHITS WILL FIX MY MAKEFILE > > Signed-off-by: SPIGOT <r...@jerkcity.com> > > > > Very funny, but the person responsible forgot that maybe, this puts the > > whole trust in anything on fd.o at risk. > > > > A look at the repo itself shows: > > > > ...xf86-video-radeonhd/objects$ ls -al > > 23/1683e2f111bb064125f64f2da797d744cde7fa > > -r--r--r-- 1 root xorg 205 2010-11-01 21:22 > > 23/1683e2f111bb064125f64f2da797d744cde7fa > > > > This while others clearly show: > > > > ...xf86-video-radeonhd/objects$ ls -al > > 00/8cf170fe2f7d7c52bb691f77d2199a2e21f9d6 > > -r--r--r-- 1 mhopf xorg 596 2010-05-12 07:34 > > 00/8cf170fe2f7d7c52bb691f77d2199a2e21f9d6 > > > > So, who has root access to annarchy or any other of the servers, and who > > thought this would be funny, and who deserves to lose his access right > > here, right now? > > > > Luc Verhaegen. > > It is clear that this is not a normal security breach, as this commit is > fully in line with the naming scheme used by fd.o. Plus, given the > history of radeonhd, combined with who i think have root access, makes > it seem quite likely that this was simply one of the people with regular > root access. > > Luc Verhaegen.
Also, the hooks/update script was not run, as that would've sent an email to the radeonhd mailing list, the update hook was restored afterwards it seems: ...xf86-video-radeonhd/hooks$ ls -al total 36 drwxrwsr-x 2 keithp xorg 4096 2010-11-04 15:01 . drwxrwsr-x 8 eich xorg 4096 2009-12-09 06:09 .. -rw-rw-r-- 1 keithp xorg 426 2007-09-17 11:09 applypatch-msg -rw-rw-r-- 1 keithp xorg 528 2007-09-17 11:09 commit-msg -rw-rw-r-- 1 keithp xorg 152 2007-09-17 11:09 post-commit -rwxrwxr-x 1 keithp xorg 207 2007-09-17 11:09 post-update -rw-rw-r-- 1 keithp xorg 373 2007-09-17 11:09 pre-applypatch -rw-rw-r-- 1 keithp xorg 1616 2007-09-17 11:09 pre-commit -rwxrwxr-x 1 keithp xorg 3755 2010-11-01 21:26 update This is not random at all. Luc Verhaegen. _______________________________________________ xorg@lists.freedesktop.org: X.Org support Archives: http://lists.freedesktop.org/archives/xorg Info: http://lists.freedesktop.org/mailman/listinfo/xorg Your subscription address: arch...@mail-archive.com