LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)
-   -   Security Breach at kernel.org (https://www.linuxquestions.org/questions/linux-security-4/security-breach-at-kernel-org-900485/)

Konphine 09-15-2011 12:27 PM

That's what I'm afraid of, and I tried to download it but it said the service was down which is why I'm wondering if it was safe of me to even go there and try either via wget or by internet browser.

hua 09-16-2011 02:59 AM

Since I read about this security breach I examine the security level of my desktop. Actually I downloaded and compiled the latest kernel from kernel.org at 31.Aug.
Because its only my desktop with no important data on it (instead of reinstall) I started to read my logs from the network logging system.
Even if my kernel should be somehow tampered (with some hidden processes) I cannot find any suspicious traffic on network level.
So maybe this can show that the kernel source was not Tampered. (?)

I mean any malicious (modified) part of the kernel which should serve to take control or use my system somehow requires network activity.

ButterflyMelissa 09-17-2011 06:31 AM

Panic is not the option, here.

Again, Open Source will prevail...because it's "all over the place" so a single attack will not make more that a (serious) dent.

By the way, it shows where we stand against the "other" one...if there is an attack, we dont cover up and pretend our noses bleed... :)

As a future note: let's all meditate on how to strengthen the "system" and what with (software, package signing, hashes, what have you)...and flush the ideas around to let them mature...

Hey, I just got wind of this because I needed to recompile a kernel...so...

Thor

H_TeXMeX_H 09-17-2011 11:22 AM

git seems pretty resilient, so that may be the safe way to get the kernel source in the future. As can be seen from this example the local checksums weren't helpful.

ButterflyMelissa 09-17-2011 11:26 AM

Quote:

git seems pretty resilient
Thanks, let's see if I can use it...

Edit...ehrm...any manuals out there? I've heared/read about it, but never considered it... (noob as I am)

Edit 2 : IXquick was my friend...sorry for my earlier panic attack :D

H_TeXMeX_H 09-17-2011 01:38 PM

There is a 'man git'. Usually you'll be using 'git clone' and 'git pull'.

ButterflyMelissa 09-17-2011 01:52 PM

Thanks...

man, it gives me a creepy feeling...let's hope the stuff is back on-line soon...

unSpawn 09-17-2011 03:19 PM

Linux Security is a forum that deals with facts, not fiction. Conjecture, giving voice to vague ideas just don't belong. Please keep this thread factual and on topic.

ButterflyMelissa 09-17-2011 03:22 PM

Gottit...sorry. Straightening up now...

ButterflyMelissa 09-26-2011 03:26 AM

One fact-question (no speculations):

Does anyone know when kernel.org and Linux.com will be back? Or, has the output been moved elsewhere and I'm not (yet) aware of it.

Sorry for a doofy question...

Thanks

Thor

Nylex 09-26-2011 04:46 AM

Quote:

Originally Posted by Thor_2.0 (Post 4482359)
One fact-question (no speculations):

Does anyone know when kernel.org and Linux.com will be back? Or, has the output been moved elsewhere and I'm not (yet) aware of it.

This is relevant.

ButterflyMelissa 09-26-2011 05:11 AM

Thanks Nylex

andrewthomas 09-26-2011 06:48 AM

For those looking to update from Linus Torvald's kernel tree it is on github now.

https://github.com/mirrors/linux


https://github.com/mirrors/linux.git

Read Linus' message

https://lkml.org/lkml/2011/9/4/92

and substitute the above for

the replaced:
https://github.com/torvalds/linux.git

If you already have a cloned tree you can change your remote with:

git remote set-url origin https://github.com/mirrors/linux.git

BlackRider 10-06-2011 10:17 AM

The kernel site is online again.

www.kernel.org

Konphine 10-10-2011 03:49 PM

The site is back up but it's not possible to download anything right now.


All times are GMT -5. The time now is 12:12 AM.