[ale] ! Openssh package trojaned...
Jonathan Glass
jonathan.glass at ibb.gatech.edu
Thu Aug 1 11:13:17 EDT 2002
At 10:32 AM 8/1/2002 -0500, John Wells wrote:
>This brings to mind a question I've had for awhile now.
>Many sites provide md5 files in addition to a tarball so you can run
>md5sum on the tarball and compare the hash. What prevents some hax0r from
>posting a fake md5 file when they compromise a tarball, so the sums will
>match?
You don't apply the immutable flag to those files?
> >From what little I know about FreeBSD, it seems that ports allowed this
>bogus package to be spotted. I assume this would not be the case on
>linux. So what good is an md5 file anyway? I'm probably missing
>something here...
>
>Thanks,
>
>John
Jonathan Glass, RHCE, Linux+, Network+, A+, MCP
Systems Support Specialist II
Institute for Bioengineering and Bioscience/BME
Georgia Institute of Technology
Voice: 404-385-0127
E-mail: jonathan.glass at ibb.gatech.edu
---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be
sent to listmaster at ale dot org.
More information about the Ale
mailing list