Re: more details on the recent compromise of debian.org machines

To: debian-devel@lists.debian.org
Subject: Re: more details on the recent compromise of debian.org machines
From: Andreas Metzler <ametzler@downhill.at.eu.org>
Date: Sun, 30 Nov 2003 09:31:58 +0100
Message-id: <[🔎] 20031130083158.GA17142@downhill.at.eu.org>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <8765h5wbgf.fsf@shiri.gloaming.local>
References: <8765h5wbgf.fsf@shiri.gloaming.local>

On Fri, Nov 28, 2003 at 01:04:00AM +0000, James Troup wrote:
[...]
>                         Where do we go from here?
>                         -------------------------

> Unfortunately due to the fact there is (I believe) an unknown local
> root exploit in the wild, we can't yet unlock the Debian accounts.
> Obviously we can't continue without LDAP accounts for very long
> either.  At the moment I'd ask for a little more patience both a)
> while the painful and painstaking task of restoring machines one by
> one is completed and b) while we try and exhaust all reasonable
> avenues of investigation to determine how the attacker went from
> unprivileged to root.
[...]

Is the security-team also not operational currently? I.e. can they
build and upload packages to security.d.o? If they are not operational
it might make sense to announce this on security-announce.
                cu andreas

Reply to:

Prev by Date: Re: [RFC] adding system users: which is the best way??
Next by Date: Re: How to improve archive verification possibilities for the future
Previous by thread: Re: more details on the recent compromise of debian.org machines
Next by thread: Bug#222363: ITP: pxes-base -- PXES Linux Thin Client software (base package)
Index(es):
- Date
- Thread