debian-cd possibly hacked on ftp.ca.debian mirror


Post by Marcipicus » 2014-01-19 17:49

Hi there. I wanted to download the entire source tree for Debian using wheezy, but I can't get debian-cd or simple-cdd to work, and I found some things that don't make sense to me.

Here is the gist of it copied from my post in the user forum.
Cannot get program to create Debian CDs

Post by Marcipicus » 2014-01-17 15:56
Hi there,

I was trying to get the entire source code repository of Debian wheezy on a Debian CD like the images you can download from the Debian site. Anyways, I did some research on the internet and I think I needed the debian-cd program (probably the wrong program; I should just mirror the site and take the hit in bandwidth use).

Here's the problem: I downloaded the program and it looks as if debian-cd is not installed, and there were some suspicious packages that were installed along with it, namely fakeroot, which I don't really trust since someone with the authority to create those CDs probably also has root on their machine.

Here's the output from apt-get install debian-cd. I'm concerned with the fakeroot program in particular which you can see in the required packages. http://packages.debian.org/wheezy/fakeroot. I would personally say that code that "simulates" a root environment basically gives them root privileges. Maybe I'm ignorant.


The original post has the output from apt-get and the effect of running the program.
Here's the link if you're still interested.

viewtopic.php?f=10&t=110837

I was hoping to find someone who is knowledgeable about this stuff to investigate the package and when it changed, etc. I'll help if someone needs me to.

I just checked the QA site (http://packages.qa.debian.org/d/debian-cd.html; I'm using stable) and it looks to me like the source is still fine, but the ftp.ca.debian.org mirror might have been hacked and the package replaced with one that gives root access, basically. Someone should do some investigating into this since it's a pretty serious breach and there could be other packages that have changed.

Please let me know if there's an investigation going on into this since I'm kind of interested in what happened.
Marcipicus
 
Posts: 14
Joined: 2014-01-17 15:30
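
An added example (not part of the original posts or of Debian's own tooling): one way to check whether a package file fetched from a mirror matches the archive's Packages index, assuming that index has already been authenticated through the signed Release file, which apt verifies on update. The index stanza and file bytes are constructed sample data, and `parse_packages` and `verify_deb` are hypothetical helper names.

```python
import hashlib

def parse_packages(text):
    """Parse Debian Packages-index text into {package name: {field: value}}."""
    index = {}
    for stanza in text.strip().split("\n\n"):
        fields, last = {}, None
        for line in stanza.splitlines():
            if line[:1] in (" ", "\t") and last:   # continuation of previous field
                fields[last] += "\n" + line.strip()
            elif ":" in line:
                last, value = line.split(":", 1)
                fields[last] = value.strip()
        if "Package" in fields:
            index[fields["Package"]] = fields      # demo keeps one version per name
    return index

def verify_deb(index, package, data):
    """Return a list of mismatches between downloaded bytes and the index entry."""
    entry = index.get(package)
    if entry is None:
        return ["package not listed in index"]
    if "Size" not in entry or "SHA256" not in entry:
        return ["index entry lacks Size or SHA256"]
    problems = []
    if len(data) != int(entry["Size"]):
        problems.append("size mismatch")
    if hashlib.sha256(data).hexdigest() != entry["SHA256"].lower():
        problems.append("SHA256 mismatch")
    return problems

# Constructed sample data: stand-in bytes and a matching index stanza.
GOOD_DEB = b"constructed stand-in for the bytes of a .deb file\n"
SAMPLE_INDEX = (
    "Package: debian-cd\n"
    "Version: 0.0-constructed\n"
    "Filename: pool/main/d/debian-cd/debian-cd_0.0-constructed_all.deb\n"
    f"Size: {len(GOOD_DEB)}\n"
    f"SHA256: {hashlib.sha256(GOOD_DEB).hexdigest()}\n"
    "Description: constructed sample entry\n"
    " continuation line of the description\n"
)

if __name__ == "__main__":
    idx = parse_packages(SAMPLE_INDEX)
    print(verify_deb(idx, "debian-cd", GOOD_DEB))
    print(verify_deb(idx, "debian-cd", GOOD_DEB.replace(b"stand-in", b"stand-IN")))
```

An empty list means the file matches the authenticated index entry; any entry in the list means the mirror served bytes that differ from what the archive published.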

Re: debian-cd possibly hacked on ftp.ca.debian mirror

Post by Marcipicus » 2014-01-19 20:05

Someone fixed it; the problem isn't there anymore.
You need to update the http server in addition to updating the packages from a known good source. Assuming that's the only service that's running.
Marcipicus
 

