1 |
Hello, |
2 |
|
3 |
On 08 Nov 2004 14:47:15 +0100 you wrote: |
4 |
|
5 |
> I will publish step-by-step instructions which explain in |
6 |
> great detail how to ... |
7 |
> |
8 |
> (1) set up a fake sync mirror, |
9 |
> |
10 |
> (2) set up a transparent proxy for rsyncd connections that |
11 |
> are routed through your machine, |
12 |
> |
13 |
> (3) configure your BIND daemon to pretend it had |
14 |
> authoritative information for the gentoo.org zone that |
15 |
> refers to your mirror rather than the real one, and |
16 |
> |
17 |
> (4) what to patch in /usr/portage/eclass/eutils.eclass to |
18 |
> install appropriate exploit code on the user's machine |
19 |
> once emerge is used for the next time. |
20 |
|
21 |
Err... I think this description alone should do it, no need to waste |
22 |
your time writing the n-th description of how to set up a transparent |
23 |
proxy, setting up BIND and so on... You could write an ebuild |
24 |
"hacked-up-rsync-mirror" which does this all, so that all of us |
25 |
can do some testing :-) |
26 |
|
27 |
But i doubt that you really manage to hack up my BIND, place a |
28 |
transparent proxy in my connection to the net or convince me to use your |
29 |
fake mirror. But go on, play... Don't complain here if you're the one |
30 |
being laughed at on that mentioned mailing list... |
31 |
|
32 |
HWH |
33 |
|
34 |
-- |
35 |
gentoo-security@g.o mailing list |