On Fri, 2006-06-09 at 22:51 +0200, Patrick Lauer wrote: > On Fri, 2006-06-09 at 16:14 -0400, Chris Gianelloni wrote: > [snip] > > > If someone wanted to exploit boxen he'd use a much simpler attack > > > vector ... our rsync mirrors are wide open. No need to secure the little > > > window over there when the front door is open ... > > > > Really? I'd like you to give me root on rsync.gentoo.org, then. What's > > that? You can't? What a wonder! > > I don't need that ... > Look, three-step plan to hacking Gentoo boxen: > > 1) open a few rsync mirrors and get them into the official rotation
Umm... the rsync servers in rsync.gentoo.org are all controlled by infra now. If you're using another rsync server (read, untrusted) then you get what you deserve. ;] -- Chris Gianelloni Release Engineering - Strategic Lead x86 Architecture Team Games - Developer Gentoo Linux
signature.asc
Description: This is a digitally signed message part
