Gentoo hacker's code changes unlikely to have worked

By on
Gentoo hacker's code changes unlikely to have worked

Tried to insert command to forcibly remove data.

Linux distribution Gentoo's maintainers say attempts by attackers last week to sabotage code stored on Github is unlikely to have worked.

Gentoo's Github account was compromised in late June.

The attacker was able to gain administrative privileges for Gentoo's Github account, after guessing the password for it.

Gentoo's maintainers were alerted to the attack early thanks to the attacker removing all developers from the Github account, causing them to be emailed.

Quick action from Gentoo and Github put an end to the attack in about 70 minutes, but not before the attacker was able to modify repository and page content.

Gentoo infrastructure developer Alec "antarus" Warner told iTnews the attacker attempted to add "rm -rf" commands to repository content which, if executed, would delete user data recursively.

rm is a Unix command for removing files, directories and similar. rm -rf denotes a more forcible removal: running it "would cause every file accessible from the present file system to be deleted from the machine", according to Wikipedia.

However, the command is unlikely to have worked within the Gentoo repositories as the attacker had intended, Warner said. 

"For the gentoo/gentoo repository, we don't believe the malicious code would have executed as there are various technical safeguards that would prevent that code from executing," he said.

"For the gentoo/systemd repository, the build system was modified to "rm -rf $HOME ~/". In Gentoo, by default software builds are performed in a sandbox environment and $HOME is unset; we suspect code execution is unlikely in the Gentoo build environment."

Gentoo has published a detailed post-mortem of the attack.

It is looking at improving future security responses with better communication and clearer information to users, as well as tightening up procedures around credential revocation.

At this stage, it is not know who was behind the attack.

Warner said Gentoo will report the hack to the FBI.

He declined to comment further on what could become an active investigation.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
gentoo github linux open source security software
In Partnership With

Most Read Articles

Telstra, Optus and Vodafone temporarily block websites after Christchurch attack

Telstra, Optus and Vodafone temporarily block websites after Christchurch attack
Telstra and Optus secure round four mobile blackspot sites

Telstra and Optus secure round four mobile blackspot sites
Coles quietly expands Uber Eats deliveries to essentials like bread, milk, Netflix

Coles quietly expands Uber Eats deliveries to essentials like bread, milk, Netflix
Govt to spend $220m on mobile, co-fund NBN area switches

Govt to spend $220m on mobile, co-fund NBN area switches
You must be a registered member of iTnews to post a comment.
| Register

Whitepapers from our sponsors

How Macquarie University has prepared for fire and flood
How Macquarie University has prepared for fire and flood
Guide to Fully-Composable Software-Defined Private Cloud
Guide to Fully-Composable Software-Defined Private Cloud
Is slow data silently killing your business? Here's why you should care.
Is slow data silently killing your business? Here's why you should care.
Cloud, AI, infosec: Is your IT strategy keeping up?
Cloud, AI, infosec: Is your IT strategy keeping up?
Australian business moves to a new cloud era
Australian business moves to a new cloud era

Events

Log In

Username / Email:
Password:
  |  Forgot your password?