Re: Backport of the integer overflow in the brk system call

To: debian-devel@lists.debian.org
Cc: Russell Coker <russell@coker.com.au>
Subject: Re: Backport of the integer overflow in the brk system call
From: Matt Zimmerman <mdz@debian.org>
Date: Thu, 4 Dec 2003 14:23:54 -0500
Message-id: <[🔎] 20031204192354.GP582@dijkstra.csh.rit.edu>
Mail-followup-to: debian-devel@lists.debian.org, Russell Coker <russell@coker.com.au>
In-reply-to: <[🔎] 20031203011922.GA2828@comcast.net>
References: <[🔎] 3FCBCF99.3000907@sentinel.dk> <[🔎] E1AR6Vn-0001YY-Vx@mid.downhill.at.eu.org> <[🔎] 20031202232021.GA32333@daedalus.andrew.net.au> <[🔎] 200312031117.19034.russell@coker.com.au> <[🔎] 20031203005423.GA1132@daedalus.andrew.net.au> <[🔎] 20031203011922.GA2828@comcast.net>

On Tue, Dec 02, 2003 at 05:19:22PM -0800, Tom wrote:

> Smartcards would have avoided the Debian compromise: merely having a 
> compromised DD box would have prevented bad guy from getting on the box.
> 
> It's all about layers of defense.
> 
> I think the DD's should seriously think about requiring smartcards.  It 
> would have prevented the proxmiate cause of our recent troubles.

You must be joking.  If the developer's system is compromised, and he logs
into another system after that time, that system can be easily compromised
also.

-- 
 - mdz

Reply to:

Follow-Ups:
- Re: Backport of the integer overflow in the brk system call
  - From: Tom <tb.31123.nospam@comcast.net>

References:
- Backport of the integer overflow in the brk system call
  - From: Frederik Dannemare <tux@sentinel.dk>
- Re: Backport of the integer overflow in the brk system call
  - From: Andreas Metzler <ametzler@downhill.at.eu.org>
- Re: Backport of the integer overflow in the brk system call
  - From: Andrew Pollock <debian-lists@andrew.net.au>
- Re: Backport of the integer overflow in the brk system call
  - From: Russell Coker <russell@coker.com.au>
- Re: Backport of the integer overflow in the brk system call
  - From: Andrew Pollock <debian-devel@andrew.net.au>
- Re: Backport of the integer overflow in the brk system call
  - From: Tom <tb.31123.nospam@comcast.net>

Prev by Date: Re: Revival of the signed debs discussion
Next by Date: Re: Revival of the signed debs discussion
Previous by thread: OT: Smartcards and Physical Security
Next by thread: Re: Backport of the integer overflow in the brk system call
Index(es):
- Date
- Thread