Gentoo hacker's code changes unlikely to have worked

Tried to insert command to forcibly remove data.

Linux distribution Gentoo's maintainers say attempts by attackers last week to sabotage code stored on GitHub are unlikely to have worked.

Gentoo's GitHub account was compromised in late June.

The attacker was able to gain administrative privileges for Gentoo's GitHub account after guessing its password.

Gentoo's maintainers were alerted to the attack early because the attacker removed all developers from the GitHub account, which caused them to be emailed.

Quick action from Gentoo and GitHub put an end to the attack in about 70 minutes, but not before the attacker was able to modify repository and page content.

Gentoo infrastructure developer Alec "antarus" Warner told iTnews the attacker attempted to add "rm -rf" commands to repository content which, if executed, would delete user data recursively.

rm is a Unix command for removing files, directories and similar. rm -rf denotes a more forcible removal: running it "would cause every file accessible from the present file system to be deleted from the machine", according to Wikipedia.

However, the command is unlikely to have worked within the Gentoo repositories as the attacker had intended, Warner said. 

"For the gentoo/gentoo repository, we don't believe the malicious code would have executed as there are various technical safeguards that would prevent that code from executing," he said.

"For the gentoo/systemd repository, the build system was modified to 'rm -rf $HOME ~/'. In Gentoo, by default software builds are performed in a sandbox environment and $HOME is unset; we suspect code execution is unlikely in the Gentoo build environment."

Gentoo has published a detailed post-mortem of the attack.

It is looking at improving future security responses with better communication and clearer information to users, as well as tightening up procedures around credential revocation.

At this stage, it is not known who was behind the attack.

Warner said Gentoo will report the hack to the FBI.

He declined to comment further on what could become an active investigation.
