
Re: more details on the recent compromise of debian.org machines



James Troup <james@nocrew.org> writes:
> Since we didn't have direct physical access to klecker its Internet
> connection was shut down and disk images were made via serial console
> to a local machine on a firewalled net connection.
[...]
> Gluck, Master and Murphy were wiped and reinstalled from CD.  Data and
> services are in the process of being restored.

As Joey confirmed, this means that klecker (aka security.d.o) wasn't
reinstalled after the compromise - Could someone *please* explain how we
know that klecker's kernel and binaries are not modified *without*
rebooting it from a clean r/o medium (like a CDROM) [1]?

Marc

Footnotes: 
[1]  Which seems to be impossible, as we don't have physical access.
-- 
$_=')(hBCdzVnS})3..0}_$;//::niam/s~=)]3[))_$(rellac(=_$({pam(esrever })e$.)4/3*
)e$(htgnel+23(rhc,"u"(kcapnu ,""nioj ;|_- |/+9-0z-aZ-A|rt~=e$;_$=e${pam tnirp{y
V2ajFGabus} yV2ajFGa&{gwmclBHIbus}gwmclBHI&{yVGa09mbbus}yVGa09mb&{hBCdzVnSbus';
s/\n//g;s/bus/\nbus/g;eval scalar reverse   # <mailto:marc@marcbrockschmidt.de>
