Gentoo hacker's code changes unlikely to have worked

By on
Gentoo hacker's code changes unlikely to have worked

Tried to insert command to forcibly remove data.

Linux distribution Gentoo's maintainers say attempts by attackers last week to sabotage code stored on Github is unlikely to have worked.

Gentoo's Github account was compromised in late June.

The attacker was able to gain administrative privileges for Gentoo's Github account, after guessing the password for it.

Gentoo's maintainers were alerted to the attack early thanks to the attacker removing all developers from the Github account, causing them to be emailed.

Quick action from Gentoo and Github put an end to the attack in about 70 minutes, but not before the attacker was able to modify repository and page content.

Gentoo infrastructure developer Alec "antarus" Warner told iTnews the attacker attempted to add "rm -rf" commands to repository content which, if executed, would delete user data recursively.

rm is a Unix command for removing files, directories and similar. rm -rf denotes a more forcible removal: running it "would cause every file accessible from the present file system to be deleted from the machine", according to Wikipedia.

However, the command is unlikely to have worked within the Gentoo repositories as the attacker had intended, Warner said. 

"For the gentoo/gentoo repository, we don't believe the malicious code would have executed as there are various technical safeguards that would prevent that code from executing," he said.

"For the gentoo/systemd repository, the build system was modified to "rm -rf $HOME ~/". In Gentoo, by default software builds are performed in a sandbox environment and $HOME is unset; we suspect code execution is unlikely in the Gentoo build environment."

Gentoo has published a detailed post-mortem of the attack.

It is looking at improving future security responses with better communication and clearer information to users, as well as tightening up procedures around credential revocation.

At this stage, it is not know who was behind the attack.

Warner said Gentoo will report the hack to the FBI.

He declined to comment further on what could become an active investigation.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
gentoo github linux open source security software

Sponsored Whitepapers

Develop a resiliency strategy that integrates risk analysis & continuity management
Develop a resiliency strategy that integrates risk analysis & continuity management
IBM Maximo: Manage any asset, anytime, any place with mobile EAM
IBM Maximo: Manage any asset, anytime, any place with mobile EAM
Optimise your operations with APM and AI-Powered insights
Optimise your operations with APM and AI-Powered insights
Forrester Study: Understand the total economic impact of using IBM Cloud Pak™ for Data
Forrester Study: Understand the total economic impact of using IBM Cloud Pak™ for Data
Technology skill development: The strategy for building better teams
Technology skill development: The strategy for building better teams

Events

Most Read Articles

Aussie Broadband makes late push for NBN high-speed upgraders

Aussie Broadband makes late push for NBN high-speed upgraders
Any Android security app is better than Google Play Protect

Any Android security app is better than Google Play Protect
Services Australia shifts most Centrelink payments to SAP S/4 HANA

Services Australia shifts most Centrelink payments to SAP S/4 HANA
Australian Covid-19 vaccine certificates come to digital wallets

Australian Covid-19 vaccine certificates come to digital wallets

Log In

Email:
Password:
  |  Forgot your password?