Linked by Thom Holwerda on Wed 16th Dec 2009 21:38 UTC, submitted by whorider
Privacy, Security, Encryption This news is already a week old, but it only got submitted to us today, and I didn't notice it all. As it turns out, two malicious software packages had been uploaded to GNOME-Look.org, masquerading as valid .deb packages (a GNOME screensaver and theme, respectively).
Permalink for comment 400216
To read all comments associated with this story, please click here.
RE[2]: Is it really necessary?
by strcpy on Fri 18th Dec 2009 04:03 UTC in reply to "RE: Is it really necessary?"
strcpy
Member since:
2009-05-20


Why do people persist in thinking that /etc/logrotate.conf is more important than the user's home directory?


It is not more important as data. But this line of thinking worries me. It has "Fedora 12" painted to it; Linux is now suddenly understood to be a big single user "Desktop Spin" (whatever that means).

But as the poster above tried to say, if you are able to own, perhaps in addition to user's data, that /etc/logrotate.conf, implying root compromise, you can probably greatly lengthen the period of the compromise as well as hide the detection of it. To name few examples.

Edited 2009-12-18 04:06 UTC

Reply Parent Score: 2