debian-cd possibly hacked on ftp.ca.debian mirror

Marcipicus
Posts: 14
Joined: 2014-01-17 15:30

debian-cd possibly hacked on ftp.ca.debian mirror

#1 Post by Marcipicus »

Hi there. I wanted to download the entire source tree for Debian using wheezy, but I can't get debian-cd or simple-cdd to work, and I found some things that don't make sense to me.

Here is the gist of it, copied from my post in the user forum.
Cannot get program to create Debian CDs

Post by Marcipicus » 2014-01-17 15:56
Hi there,

I was trying to get the entire source code repository of Debian wheezy on a Debian CD like the images you can download from the Debian site. Anyway, I did some research on the internet and I think I needed the debian-cd program (probably the wrong program; I should just mirror the site and take the hit in bandwidth use).

Here's the problem: I downloaded the program and it looks as if debian-cd is not installed, and there were some suspicious packages that were installed along with it, namely fakeroot, which I don't really trust since someone with the authority to create those CDs probably also has root on their machine.

Here's the output from apt-get install debian-cd. I'm concerned with the fakeroot program in particular which you can see in the required packages. http://packages.debian.org/wheezy/fakeroot. I would personally say that code that "simulates" a root environment basically gives them root privileges. Maybe I'm ignorant.
The original post has the output from apt-get and the effect of running the program.
Here's the link if you're still interested.

http://forums.debian.net/viewtopic.php?f=10&t=110837

I was hoping to find someone who is knowledgeable about this stuff to investigate the package, when it changed, etc. I'll help if someone needs me to.

I just checked the QA site (http://packages.qa.debian.org/d/debian-cd.html; I'm using stable) and it looks to me like the source is still fine, but the ftp.ca.debian.org mirror might have been hacked and the package replaced with one that basically gives root access. Someone should do some investigating into this since it's a pretty serious breach and there could be other packages that have changed.

Please let me know if there's an investigation going on into this since I'm kind of interested in what happened.

Marcipicus
Posts: 14
Joined: 2014-01-17 15:30

Re: debian-cd possibly hacked on ftp.ca.debian mirror

#2 Post by Marcipicus »

Someone fixed it; the problem isn't there anymore.
You need to update the HTTP server in addition to updating the packages from a known good source, assuming that's the only service that's running.
