Hello,

On 08 Nov 2004 14:47:15 +0100 you wrote:

> I will publish step-by-step instructions which explain in
> great detail how to ...
> 
>  (1) set up a fake sync mirror,
> 
>  (2) set up a transparent proxy for rsyncd connections that
>      are routed through your machine,
> 
>  (3) configure your BIND daemon to pretend it had
>      authoritative information for the gentoo.org zone that
>      refers to your mirror rather than the real one, and
> 
>  (4) what to patch in /usr/portage/eclass/eutils.eclass to
>      install appropriate exploit code on the user's machine
>      once emerge is used for the next time.

Err... I think this description alone should do it, no need to waste
your time writing the n-th description of how to set up a transparent
proxy, setting up BIND and so on... You could write an ebuild
"hacked-up-rsync-mirror" which does this all, so that all of us
can do some testing :-)

But i doubt that you really manage to hack up my BIND, place a
transparent proxy in my connection to the net or convince me to use your
fake mirror. But go on, play... Don't complain here if you're the one
being laughed at on that mentioned mailing list...

HWH

--
gentoo-security@g.o mailing list