1 |
Am 23.10.2011 09:49, schrieb Mick: |
2 |
> On Saturday 22 Oct 2011 22:30:45 Volker Armin Hemmann wrote: |
3 |
>> Am Samstag 22 Oktober 2011, 18:14:32 schrieb Nikos Chantziaras: |
4 |
>>> On 10/22/2011 05:07 PM, Adam Carter wrote: |
5 |
>>>>> there aren't any Linux viruses, |
6 |
>>>> |
7 |
>>>> Except for the ones listed on the page below, which is probably |
8 |
>>>> incomplete. http://en.wikipedia.org/wiki/Linux_malware |
9 |
>>>> |
10 |
>>>> But yeah, on a linux desktop (especially a Gentoo one) you don't need |
11 |
>>>> a virus scanner. Yet. |
12 |
>>> |
13 |
>>> There are literally *millions* of Windows viruses. The Wikipedia page |
14 |
>>> just proves Linux has virtually no viruses, and those listed don't even |
15 |
>>> work anymore (exploits have been patched long ago.) Most existing Linux |
16 |
>>> malware targets servers (like PHP software exploits in forums, wikis, |
17 |
>>> etc) and desktop users don't need to worry. |
18 |
>>> |
19 |
>>> Furthermore, even if there were enough Linux viruses to worry about, |
20 |
>>> there isn't a good way of getting infected. On Windows, you download |
21 |
>>> random executables from the net. On Gentoo, you install your stuff |
22 |
>>> through portage. It's nearly impossible to get infected. |
23 |
>> |
24 |
>> except when someone puts up or takes over a rsync server and starts |
25 |
>> providing malicious ebuilds. |
26 |
>> |
27 |
>> |
28 |
>> Hilarious. |
29 |
> |
30 |
> Isn't that what happened back in 2003/04? I can't recall exactly but there |
31 |
> was some discussion where it was suggested that clients should rsync against |
32 |
> two different mirrors and diff the portage contents (or hashes thereof?), before |
33 |
> accepting the sync result. |
34 |
|
35 |
That still doesn't protect you against man-in-the-middle attacks or an |
36 |
attack against the CVS tree (like the recent kernel.org disaster). |
37 |
|
38 |
Signing the manifest files is really the only reasonable solution. Good |
39 |
thing there seems to be some progress in that direction: |
40 |
https://bugs.gentoo.org/show_bug.cgi?id=360363 |
41 |
|
42 |
Regards, |
43 |
Florian Philipp |