How does the GNU FTP server compromise affect ports?

Contributed by jose on 2003-08-16 from the checksums-are-just-for-this-purpose dept.

anonymous writes: "after the recent compromise of the GNU FTP server, I have been concerned about the integrity of my systems.

how does this affect both the base system and ports? since the intruder had root access on the box, checksums should mean a big zero, what does one do to make sure their beloved boxes are safe?"

Don't forget that the checksums the ports tree uses are held on OpenBSD servers, not the compromised distfile server. Secondly, the checksums are widely distributed, so someone is bound to spot it (as they did with other backdoored distfiles). Thirdly, this is exactly what the systrace patch for the ports tree is for.

(Comments are closed)

Comments

By jose () on 2003-08-16 10:56 http://monkey.org/~jose/

i was affected by the blackout and busy at work this week, hence i didn't get much posted. thanks for understanding ...
Comments
1. By Nate () on 2003-08-16 12:56
  
  My power was out too, really sucked. Not only no computer, but after a while no light to read or play board/card games.
  
  Also a bit of a pain to have to throw out food that may/may not be good still/ever.
2. By krh () on 2003-08-17 03:06
  
  You do a great job, blackout or no. Please keep up it up, and thanks!
3. By Anonymous Coward () on 2003-08-18 11:51
  
  OpenBSD doesn't protect against that type of DoS attack?!? Ouch, that is a crippling bombshell for this beleaguered communi^&3-xx*
  NO CARRIER
  Comments
  1. By map-ip-to-name () nobody@localhost on 2003-08-23 01:29 http://phrack.efnet.ru/phrack/opencult/
    
    your comment has been rated -1 out of 10 points on the OpenCULT scale

Latest Articles

Wed, Apr 24
- 04:35 Game of Trees 0.98 released (0)
Tue, Apr 23
- 05:25 pfctl(8) and systat(8) to display fragment reassembly statistics (0)
Thu, Apr 18
- 05:05 Coming soon to a -current system near you: parallel raw IP input (0)
Wed, Apr 17
- 05:33 In -current, default write format for tar(1) changed to "pax" (12)
Wed, Apr 10
- 18:50 OpenSMTPD 7.5.0p0 Released (2)
Tue, Apr 09
- 04:49 20 years since "and we're just starting": undeadly.org turns 20 (2024-04-09) (13)
Fri, Apr 05
- 06:16 OpenBSD 7.5 released (3)
Thu, Mar 28
- 18:18 LibreSSL 3.8.4 and 3.9.1 released (0)
Tue, Mar 12
- 06:53 OpenSSH 9.7/9.7p1 released! (0)

Credits

Copyright © 2004-2008 Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to April 2nd 2004 as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]