| 1 |
Patrick Lauer wrote: |
| 2 |
> On Fri, 2006-06-09 at 16:14 -0400, Chris Gianelloni wrote: |
| 3 |
> [snip] |
| 4 |
>>> If someone wanted to exploit boxen he'd use a much simpler attack |
| 5 |
>>> vector ... our rsync mirrors are wide open. No need to secure the little |
| 6 |
>>> window over there when the front door is open ... |
| 7 |
>> Really? I'd like you to give me root on rsync.gentoo.org, then. What's |
| 8 |
>> that? You can't? What a wonder! |
| 9 |
> |
| 10 |
> I don't need that ... |
| 11 |
> Look, three-step plan to hacking Gentoo boxen: |
| 12 |
> |
| 13 |
> 1) open a few rsync mirrors and get them into the official rotation |
| 14 |
|
| 15 |
Actually, the only rotation you can get on is a community one (which |
| 16 |
minimizes the amount of users). All the servers under rsync.g.o are |
| 17 |
strictly controlled by infra. |
| 18 |
|
| 19 |
So nice try ... |
| 20 |
|
| 21 |
-- |
| 22 |
Lance Albertson <ramereth@g.o> |
| 23 |
Gentoo Infrastructure | Operations Manager |
| 24 |
|
| 25 |
--- |
| 26 |
GPG Public Key: <http://www.ramereth.net/lance.asc> |
| 27 |
Key fingerprint: 0423 92F3 544A 1282 5AB1 4D07 416F A15D 27F4 B742 |
| 28 |
|
| 29 |
ramereth/irc.freenode.net |
Archives