kernel.org - Security Breach

Grinch · 2011-09-17 16:21:20

Yes, sounds like a likely scenario for all these breaches which occured at roughly the same time. Someone who had root priviledges got their credentials hacked and that account is then used to deploy a rootkit and steal other passwords/keys. From a security perspective there's really not anything one can do to prevent something like this except minimizing the number of people with remote root access and make sure they in turn take every security precaution necessary.

CPU Gastronomy · 2011-09-18 14:48:08

I find that strange that someone is wanting to modify some important linux servers.

Anyway, anyone got news for when kernel,org will be up ? I find that annoying that I have to search files for a lot of PKGBUILD that their files were in the repo of kernel.org (I just did a complet reinstall -_-' ). Sure, security first, but annoying.

KimTjik · 2011-09-18 15:20:18

I saw the link explaining what caused the attack of Frugalware. Has anyone seen what investigations of the attack against kernel.org revealed?

Leonid.I · 2011-09-19 22:10:17

KimTjik wrote:

I saw the link explaining what caused the attack of Frugalware. Has anyone seen what investigations of the attack against kernel.org revealed?

I don't think it is that easy... As far as I remember, the incident was discovered on Aug. 28, but the initial report stated that the actual break-in occured no later that Aug. 12! So whoever that was had a lot of time to cover their tracks.

Grinch · 2011-09-19 23:53:37

Leonid.I wrote:

I don't think it is that easy... As far as I remember, the incident was discovered on Aug. 28, but the initial report stated that the actual break-in occured no later that Aug. 12! So whoever that was had a lot of time to cover their tracks.

I'm not following you, the break-ins have been detected, what are these tracks you suppose they are covering?

Leonid.I · 2011-09-20 16:11:39

Grinch wrote:

Leonid.I wrote:
I don't think it is that easy... As far as I remember, the incident was discovered on Aug. 28, but the initial report stated that the actual break-in occured no later that Aug. 12! So whoever that was had a lot of time to cover their tracks.
I'm not following you, the break-ins have been detected, what are these tracks you suppose they are covering?

For example, a login record in /var/log/auth from a (hacked) user "XXX" with password "passwd" is most likely gone, which makes it hard to pinpoint exact circumstances under which the attack occured.

fsckd · 2011-09-25 04:08:35

Some news on current status and recovery: https://lkml.org/lkml/2011/9/23/357

DrKillPatient · 2011-09-27 03:02:12

I've heard hugely different scales of responses on this-- on one hand, that any important things are very unlikely to have been compromised, and the downtime is occurring mainly to prevent this happening later; and on the other, that Linux is now terribly bad and infected and spying on you for every government in the world all the time and also it's telepathic.

I'm very new to all this. Is such a breach really an enormous issue, or do these things happen occasionally?

ngoonee · 2011-09-27 04:59:00

DrKillPatient wrote:

I've heard hugely different scales of responses on this-- on one hand, that any important things are very unlikely to have been compromised, and the downtime is occurring mainly to prevent this happening later; and on the other, that Linux is now terribly bad and infected and spying on you for every government in the world all the time and also it's telepathic.
I'm very new to all this. Is such a breach really an enormous issue, or do these things happen occasionally?

You'll hear different responses here as well, pretty much mirroring what you'd find (in more detail and with more justification) in various websites and mailing lists

WorMzy · 2011-10-04 10:04:37

Well, looks like kernel.org is back up.

As noted previously, kernel.org suffered a security breach. Because of this, we have taken the time to rearchitect the site in order to improve our systems for developers and users of kernel.org. To this end, we would like all developers who previously had access to kernel.org who wish to continue to use it to host their git and static content, to follow the instructions here.
Right now, www.kernel.org and git.kernel.org have been brought back online. All developer git trees have been removed from git.kernel.org and will be added back as the relevant developers regain access to the system.
Thanks to all for your patience and understanding during our outage and please bear with us as we bring up the different kernel.org systems over the next few weeks. We will be writing up a report on the incident in the future.

EnigmaticCoder · 2011-10-28 03:54:59

Is there an official place to get kernel patches while kernel.org is restored?

karol · 2011-10-28 10:14:05

EnigmaticCoder wrote:

Is there an official place to get kernel patches while kernel.org is restored?

Any particular ones? I found some w/o much of a problem https://bbs.archlinux.org/viewtopic.php?id=128711

Gusar · 2011-10-28 10:33:32

EnigmaticCoder wrote:

Is there an official place to get kernel patches while kernel.org is restored?

They're already on kernel.org, it's just the front page that's outdated. See here: http://www.kernel.org/pub/linux/kernel/v3.x/

Last edited by Gusar (2011-10-28 10:33:55)

EnigmaticCoder · 2011-10-28 18:23:29

karol wrote:

EnigmaticCoder wrote:
Is there an official place to get kernel patches while kernel.org is restored?
Any particular ones? I found some w/o much of a problem https://bbs.archlinux.org/viewtopic.php?id=128711

Yes I'm looking for the apparmor patch (2.4 I think it is).

karol · 2011-10-28 18:27:35

EnigmaticCoder wrote:

karol wrote:
EnigmaticCoder wrote:
Is there an official place to get kernel patches while kernel.org is restored?
Any particular ones? I found some w/o much of a problem https://bbs.archlinux.org/viewtopic.php?id=128711
Yes I'm looking for the apparmor patch (2.4 I think it is).

http://wiki.apparmor.net/index.php/Main … ource_code

AppArmor is in the upstream kernel as of 2.6.36.

Do you still need the patch in this case?

Edit:
http://launchpad.net/apparmor/2.7/2.7.r … rc1.tar.gz seems to have kernel patches

[karol@black apparmor-2.7.0~rc1]$ ls kernel-patches/
2.6.36	2.6.36.2  2.6.37  2.6.39  3.0  3.1

http://wiki.apparmor.net/index.php/Dist … n#Patching

Last edited by karol (2011-10-28 18:41:37)

Arch Linux

#51 2011-09-17 16:21:20

Re: kernel.org - Security Breach

#52 2011-09-18 14:48:08

Re: kernel.org - Security Breach

#53 2011-09-18 15:20:18

Re: kernel.org - Security Breach

#54 2011-09-19 22:10:17

Re: kernel.org - Security Breach

#55 2011-09-19 23:53:37

Re: kernel.org - Security Breach

#56 2011-09-20 16:11:39

Re: kernel.org - Security Breach

#57 2011-09-25 04:08:35

Re: kernel.org - Security Breach

#58 2011-09-27 03:02:12

Re: kernel.org - Security Breach

#59 2011-09-27 04:59:00

Re: kernel.org - Security Breach

#60 2011-10-04 10:04:37

Re: kernel.org - Security Breach

#61 2011-10-28 03:54:59

Re: kernel.org - Security Breach

#62 2011-10-28 10:14:05

Re: kernel.org - Security Breach

#63 2011-10-28 10:33:32

Re: kernel.org - Security Breach

#64 2011-10-28 18:23:29

Re: kernel.org - Security Breach

#65 2011-10-28 18:27:35

Re: kernel.org - Security Breach

Board footer