Gentoo Archives: gentoo-security

From: James Harlow <james@××××××××××××××.nu>
To: gentoo-security@g.o
Subject: Re: [gentoo-security] MD5 mismatch for XFree86 patch
Date: Fri, 05 Dec 2003 01:27:14
Message-Id: 20031205072641.GA86955@james.is.never.wrong.nu
In Reply to: Re: [gentoo-security] MD5 mismatch for XFree86 patch by Anuradha Ratnaweera
1 On Fri, Dec 05, 2003 at 12:31:42PM +0600, Anuradha Ratnaweera wrote:
2 > Was a bit paranoid, if the intruder may have changed both MD5 sum on the
3 > rsync server (are they there, at first place?) _and_ the source tarball
4 > on the other site,
5
6 If an attacker had access to the rsync server he could add a patch in
7 the files/ directory and have the ebuild include it. MD5 mismatches are
8 far, far more likely to be unthreatening.
9
10 --
11 When a true genius appears in the world, you may know him by this sign, that the dunces are all in confederacy against him. - Jonathan Swift
12
13 --
14 gentoo-security@g.o mailing list