Linked by Jordan Spencer Cunningham on Mon 14th Jun 2010 23:58 UTC
Bugs & Viruses
Recently, the Linux version of UnrealIRCd was discovered to have had a Trojan worm its way into the source code. Even more embarrassing for the developers of Unreal is that the Trojan's been holding open the backdoor in the source code since November of 2009-- not very recently. And, of course, bloggers and press in general are taking the opportunity of another breach in Linux security to point out doomsday devices that don't really exist.
Thread beginning with comment 430316
jabbotts Member since:
2007-09-06

So, how many times are you going to ignore Gentoo then? It got into the distribution. It got into the Gentoo repositories. It got onto end user machines if they installed UnrealIRCd from the Gentoo repositories. More importantly, Gentoo had the fixed package available pretty much immediately after fixed source was available from UnrealIRCd.

I'll agree fully that repository distribution has the most solid history so far but let's not be deluded and seriously say "never has happened, never will happen".

Reply Parent Score: 2

lemur2 Member since:
2007-02-17

So, how many times are you going to ignore Gentoo then? It got into the distribution. It got into the Gentoo repositories. It got onto end user machines if they installed UnrealIRCd from the Gentoo repositories. More importantly, Gentoo had the fixed package available pretty much immediately after fixed source was available from UnrealIRCd.

I'll agree fully that repository distribution has the most solid history so far but let's not be deluded and seriously say "never has happened, never will happen".


I didn't know about that. Wow. I'm flabbergasted. Gentoo hasn't read security 101 then? They got an unsigned binary tarball from a server somewhere, and put it in their repositories? The very act that is an absolute no-no? Gentoo users downloaded and installed it?

Really? That is almost beyond belief. Staggering.

I'm reminded once again of a quote from a German playwright/poet by the name of Friedrich Schiller:
http://en.wikipedia.org/wiki/Friedrich_Schiller

"Against stupidity the gods themselves contend in vain." (Talbot, in: The Maid of Orleans)

Edited 2010-06-16 12:32 UTC

Reply Parent Score: 2

chris_l Member since:
2010-02-14

So, how many times are you going to ignore Gentoo then? It got into the distribution. It got into the Gentoo repositories. It got onto end user machines if they installed UnrealIRCd from the Gentoo repositories. More importantly, Gentoo had the fixed package available pretty much immediately after fixed source was available from UnrealIRCd.


Dude, Gentoo is basically garbage. No one with more than one active brain cell takes it seriously.

Reply Parent Score: 1

jabbotts Member since:
2007-09-06

I wasn't promoting it.. just pointing out that a major distribution did get hit. And, due to human error rather than technical issues. Everybody makes mistakes and Gentoo were open about it and provided a prompt fix.

I still maintain that if it was Debian, it would have been newsworthy as it would take some serious human failure or criminal genius.

Reply Parent Score: 2