Re: berlios.de compromised since 2005

On Wed, Jan 13, 2010 at 11:33 AM, Jon Ciesla <limb@xxxxxxxxxxxx> wrote:
> Seth Vidal wrote:

>>
>>
> Thanks, Seth. And if we don't, what's a good resource for security
> auditing n00bs?

1) Look over the change history. Don't trust the source repository but
older versions of the tarballs and see what has changed between them.
2) Look over the code for what doesn't make any sense... sometimes the
dropping of some shell code or obfuscated shell code is obvious this
way.
3) What are the permissions of the programs.. setuid/setgid
programs/packages should be looked at more closely.
4) Look over what the program opens, closes, etc. fetchmail opening
mail files is probably ok.. it opening up /proc/kmem?? maybe not.
5) Work on getting a group of code auditors together in Fedora to look
these over more thoroughly.

This will find the non-clever people (who are usually 40-60% of the
people who break in and change stuff). The clever ones.. no idea.. a
complete line by line audit might uncover it.. at which point you have
rewritten the app.




-- 
Stephen J Smoogen.

Ah, but a man's reach should exceed his grasp. Or what's a heaven for?
-- Robert Browning
-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
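
A first pass over points 1, 3 and 4 of the message above can be scripted. This is an added example, not part of the original post or any Fedora tooling: it compares an older release tarball against a newer one and reports added, removed and changed files, new setuid/setgid bits, and new references to kernel memory devices. The function names, the `SUSPICIOUS` list and the two sample tarballs are assumptions constructed for the example.

```python
import hashlib, io, stat, tarfile

# Paths worth a second look when they newly appear (point 4); this list is an assumption.
SUSPICIOUS = (b"/proc/kmem", b"/dev/kmem", b"/dev/mem")

def index(tar_bytes):
    """Map member name -> (sha256, mode, content) for regular files in a tarball."""
    out = {}
    with tarfile.open(fileobj=io.BytesIO(tar_bytes)) as tf:
        for m in tf.getmembers():
            if m.isfile():
                data = tf.extractfile(m).read()
                out[m.name] = (hashlib.sha256(data).hexdigest(), m.mode, data)
    return out

def audit(old_bytes, new_bytes):
    """Return (path, finding) pairs for what differs between two release tarballs."""
    old, new = index(old_bytes), index(new_bytes)
    findings = [(name, "removed") for name in sorted(old.keys() - new.keys())]
    for name, (digest, mode, data) in sorted(new.items()):
        prev = old.get(name)
        if prev is None:
            findings.append((name, "added"))
        elif prev[0] != digest:
            findings.append((name, "content changed"))
        if mode & (stat.S_ISUID | stat.S_ISGID) and (prev is None or prev[1] != mode):
            findings.append((name, "setuid/setgid, mode %o" % mode))
        for s in SUSPICIOUS:
            if s in data and (prev is None or s not in prev[2]):
                findings.append((name, "new reference to " + s.decode()))
    return findings

def make_tar(files):
    """Build a constructed sample tarball in memory from {name: (mode, bytes)}."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name, (mode, data) in files.items():
            info = tarfile.TarInfo(name)
            info.mode, info.size = mode, len(data)
            tf.addfile(info, io.BytesIO(data))
    return buf.getvalue()

# Constructed sample releases, not real project data.
OLD = make_tar({"app/main.c": (0o644, b'open("/var/mail/user");\n'),
                "app/helper": (0o755, b"#!/bin/sh\necho ok\n")})
NEW = make_tar({"app/main.c": (0o644, b'open("/var/mail/user");\nopen("/proc/kmem");\n'),
                "app/helper": (0o4755, b"#!/bin/sh\necho ok\n"),
                "app/extra.sh": (0o755, b"#!/bin/sh\n")})
```

`audit(OLD, NEW)` returns the list of files a reviewer should read first; it narrows the work and does not replace reading the changed code.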
