1 |
Patrick Lauer wrote: |
2 |
> On Fri, 2006-06-09 at 16:14 -0400, Chris Gianelloni wrote: |
3 |
> [snip] |
4 |
>>> If someone wanted to exploit boxen he'd use a much simpler attack |
5 |
>>> vector ... our rsync mirrors are wide open. No need to secure the little |
6 |
>>> window over there when the front door is open ... |
7 |
>> Really? I'd like you to give me root on rsync.gentoo.org, then. What's |
8 |
>> that? You can't? What a wonder! |
9 |
> |
10 |
> I don't need that ... |
11 |
> Look, three-step plan to hacking Gentoo boxen: |
12 |
> |
13 |
> 1) open a few rsync mirrors and get them into the official rotation |
14 |
|
15 |
Actually, the only rotation you can get on is a community one (which |
16 |
minimizes the amount of users). All the servers under rsync.g.o are |
17 |
strictly controlled by infra. |
18 |
|
19 |
So nice try ... |
20 |
|
21 |
-- |
22 |
Lance Albertson <ramereth@g.o> |
23 |
Gentoo Infrastructure | Operations Manager |
24 |
|
25 |
--- |
26 |
GPG Public Key: <http://www.ramereth.net/lance.asc> |
27 |
Key fingerprint: 0423 92F3 544A 1282 5AB1 4D07 416F A15D 27F4 B742 |
28 |
|
29 |
ramereth/irc.freenode.net |