
>However, it's also useful to note that the potential damage of cracking kernel.org is far less than typical software repositories

What about code that's hosted on kernel.org itself? Isn't kernel.org a source for the public to get the kernel and not git?

http://www.kernel.org/pub/ ftp://ftp.kernel.org/pub/ rsync://rsync.kernel.org/pub/

It would be easy for the exploiter to insert trojaned/rootkitted kernels into those places.




Currently all files get verified. The kernel.org admins have digital signatures of all files...


Hopefully those signatures aren't on the compromised machines?


Of course not.

As one of the users@kernel.org members I can tell you that the kernel.org admins are very competent.



