On Thu, 04 Dec 2003 00:54:24 +0100 Dalibor Topic <[EMAIL PROTECTED]> wrote:
> Hi all,
>
> since I haven't received any news on this yet, and many people here
> probably contribute to one project on Savannah or another, I just wanted
> to spread the news that savannah.gnu.org has been compromised. cracked.
> broken in. just like debian last week.

Scary stuff. It's got me spooked.

I ran chkrootkit on our server, and it looks like it's OK. Actually, it did show this:

    Checking `lkm'... You have 1 process hidden for readdir command
    You have 1 process hidden for ps command
    Warning: Possible LKM Trojan installed

But that's a common false positive due to the way it does the test (due to a mismatch between Debian's 'ps' command output and /proc). Just to be sure, I removed kernel module support from the kernel, and it still does it. My web server at home had some false positives as well - yay.

I also upgraded to kernel 2.4.23 (because of the latest ptrace bug that was used to compromise Debian), and updated rsync (which was used to compromise Gentoo).

We don't have a lot of user accounts on the server, and I usually upgrade packages within hours of reading the Debian security advisories, so I think we've been lucky so far.

I think with all of these high-profile compromises lately, I'm going to take some measures to tighten up security on the server even more. There's a few things I've been wanting to experiment with, like moving some services out of the main server environment to individual user-mode Linux "virtual machines", and even running some of the services on Kaffe itself. And I'll probably look at ways of tightening up password security, etc. This should only affect the few developers that have accounts on the server - it probably affects me the most.

For the rest of the users, I strongly encourage you to use the GPG signature files that I make for every release to verify that the released files have indeed been signed by my private GPG key. There are instructions in the signature file on how to do this. This way, you can be sure that you are not building from Trojan'ed sources, in the possible event where Kaffe.org has been compromised.

Cheers,

 - Jim
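
The release check recommended in the message above, sketched as an added example (not part of the original message and not the instructions shipped in Kaffe's signature files): it accepts a detached signature only if GnuPG reports it as valid and made by one pinned key fingerprint. The fingerprint, function names and sample status lines are constructed for illustration; the real fingerprint is assumed to have been obtained out of band.

```shell
#!/bin/sh
# Added example: verify a release file against a detached GPG signature and
# require that the signature comes from one pinned key fingerprint.
# All fingerprints and status lines below are constructed sample values.

# check_status EXPECTED_FPR
# Reads `gpg --status-fd` lines on stdin. Succeeds only if a VALIDSIG line
# names EXPECTED_FPR (as signing key or as primary key) and no line reports
# a bad, unverifiable, expired or revoked signature.
check_status() {
    want=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    awk -v want="$want" '
        $1 != "[GNUPG:]" { next }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        $2 == "VALIDSIG" && ($3 == want || $NF == want) { ok = 1 }
        END { exit (ok && !bad) ? 0 : 1 }
    '
}

# verify_release EXPECTED_FPR SIGNATURE_FILE RELEASE_FILE
# Runs gpg with machine-readable status on stdout and applies check_status.
# A plain "gpg --verify" succeeds for any key in the keyring, which is why
# the fingerprint is compared explicitly.
verify_release() {
    gpg --batch --status-fd 1 --verify "$2" "$3" 2>/dev/null | check_status "$1"
}

# Constructed status output, in the shape gpg prints for a good signature.
sample_status() {
    cat <<'EOF'
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEF01234567 Constructed Signer <signer@example.org>
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2003-12-04 1070496000 0 4 0 1 2 00 0123456789ABCDEF0123456789ABCDEF01234567
EOF
}

# Command-line use: script FINGERPRINT release.tar.gz.sig release.tar.gz
if [ "$#" -eq 3 ]; then
    if verify_release "$1" "$2" "$3"; then
        echo "OK: valid signature from $1"
    else
        echo "FAILED: do not build from $3" >&2
        exit 1
    fi
fi
```

Because the pinned fingerprint is the trust anchor, it has to come from somewhere other than the server that hosts the release files.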