The debian-private mailing list leak, part 1.


Re: Changing the way we deal with source archives



phil@fifi.org (Philippe Troin)  wrote on 07.03.97 in <199703080531.VAA11454@tantale.fifi.org>:

> On Fri, 07 Mar 1997 21:15:00 PST Bruce Perens (bruce@pixar.com) wrote:
>
> > From: Philippe Troin <phil@fifi.org>

> > > I don't really understand all this recent paranoia, and what's behind
> > > what you call traceability...
> >
> > Well, the theory is that anyone who wants to can slip a trojan horse into
> > the system. We can't review all of the code, so we at least want to be
> > able to verify that we got the package unmodified from its author, and we
> > want it to be really easy to see how Debian changed the package.
>
> I know I'll restart the debate, but if we allow the .tar.gz signature
> to be changed (for toplevel name modifications purposes), what's the

But this debate is about avoiding exactly this problem. We want to STOP  
renaming the toplevel.

> problem with allowing changes within the source tree.
> Better, why not make it mandatory for any changes not traceable (yep,
> it's the latest buzzword!) with a diff file (that is filename
> changes, deletions, probably others) to provide a script which will
> convert the source tree into the debianized source tree ?

We had that discussion when dpkg-source was planned. The resolution was  
that UNDER NO CONDITION should unpacking the source force people to call a  
script provided by the package. It's an anti-trojan-horse rule.

You can, of course, always prune stuff in debian/rules.

> > And when did the paranoia start? For many people it started when a virus
> > popped up on Linux. A virus called "Bliss", as in "Ignorance is Bliss".
> > However, for me it started a lot earlier. I've been talking about how to
> > fight trojans for a long time.
>
> As far as I understood the bliss problem, this came from the fact that the
> executable was suid root (for libsvga purposes), and it didn't drop the

Nope. Bliss is a simple virus, like they exist in the thousands for DOS.  
It's actually portable to every reasonably Unix-like system, probably even  
to NT.

It's also pretty unlikely to do serious damage to a well-administrated  
Unix-like system. That's what permissions are for.

However, really well administrated systems are few and far between, as we  
all know.

The real impact from Bliss - and, the way I understand the message from  
someone who claims to be its author to bugtraq (IIRC), the reason for its  
existence - is that it refutes the old claim "there can't be a virus for  
Unix".

Incidentally, a lot of knowledgeable people tried to shut their eyes fast  
and claim that it really was a trojan, as it couldn't do any bad things  
without getting root ...

Horsemanure.

It's a virus. It works very similarly to typical DOS viruses. (Except it  
contains its own remover code.) It can infect user programs quite well  
even without root privileges. And it's not dependent on any specific  
other program.

It's also no big deal, except for the shock value. Actually, I think it  
can even be good word-of-mouth PR: "Hey look, we're accepted. People are  
writing viruses for our OS."

> privileges early enough. For the general paranoia syndrome, I think that
> hackers have much easier ways to get into a networked machine than changing
> source packages... But you're allowed to disagree...

On the other hand, changed source packages *have* happened already.

There was the wu-ftp incident, for example, where someone changed the  
sources on (IIRC) the main ftp server to introduce some sort of back door.

Also, there's stuff like the sendmail DEBUG back door (the stuff the  
Internet worm used), which was put in by the author - because he wanted a  
back door! (He didn't have root access to the machine he did most of his  
debugging on. So he simply broke in.)

Also, consider the following URL:

ACM Classic: Reflections on Trusting Trust
     <http://www.cs.umsl.edu/~sanjiv/sys_sec/security/thompson/hack.html>

Sometimes people confess to these things. Sometimes they don't. We want to  
be able to show that it didn't come from us.

MfG Kai
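
Added example, not part of the original message or of any Debian tool: a Python sketch of why renaming the toplevel directory defeats the check against the author's archive, and how a read-only per-file comparison still shows what changed without running anything from the package. The package name, file contents and the use of a SHA-256 digest in place of the author's signature are constructed assumptions.

```python
import gzip
import hashlib
import io
import tarfile

def make_tarball(top, files):
    """Build a reproducible .tar.gz in memory with all files under `top`/."""
    raw = io.BytesIO()
    with gzip.GzipFile(fileobj=raw, mode="wb", mtime=0) as gz:
        with tarfile.open(fileobj=gz, mode="w") as tar:
            for name, data in sorted(files.items()):
                info = tarfile.TarInfo(f"{top}/{name}")
                info.size = len(data)
                tar.addfile(info, io.BytesIO(data))
    return raw.getvalue()

def sha256(blob):
    return hashlib.sha256(blob).hexdigest()

def verify(blob, expected_digest):
    """Whole-archive check: only passes for the byte-identical upstream file."""
    return sha256(blob) == expected_digest

def manifest(blob):
    """Map path below the toplevel -> content digest. Reads only, runs nothing."""
    out = {}
    with tarfile.open(fileobj=io.BytesIO(blob), mode="r:gz") as tar:
        for member in tar:
            if member.isfile():
                rel = member.name.split("/", 1)[1]
                out[rel] = sha256(tar.extractfile(member).read())
    return out

def changed_files(upstream, repacked):
    """Paths whose content differs, ignoring the toplevel directory name."""
    a, b = manifest(upstream), manifest(repacked)
    return sorted(p for p in a.keys() | b.keys() if a.get(p) != b.get(p))

# Constructed sample package (hypothetical names and contents).
FILES = {"Makefile": b"all:\n\tcc -o hello hello.c\n",
         "hello.c": b"int main(void) { return 0; }\n"}
upstream = make_tarball("hello-1.0", FILES)
AUTHOR_DIGEST = sha256(upstream)  # stands in for the author's signature
renamed = make_tarball("hello-1.0.orig", FILES)
tampered = make_tarball("hello-1.0.orig",
                        {**FILES, "hello.c": b"int main(void) { return 1; }\n"})

if __name__ == "__main__":
    for label, blob in (("upstream", upstream), ("renamed", renamed),
                        ("tampered", tampered)):
        print(label, verify(blob, AUTHOR_DIGEST), changed_files(upstream, blob))
```

The renamed and the tampered archives both fail the whole-archive check, so once the toplevel is renamed that check alone can no longer tell a harmless repack from a modified source.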