Re: tlug: web of trust

[Scott Stone <sstone@example.com>]

On Mon, 25 Jan 1999, Jim Schweizer wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> Hi all,
> 
> - From /.
> "LWN has an article by Bruce Perens outlining a
> possible attack on Open Source: the Trojan Horse. The
> idea is that malicious patches could be contributed to a
> program from an unworthy source, later to be exploited."

This has already happened.  I got a message this morning from .. some
list, possibly linux-kernel, which I then sent to bugtraq.. anyway, on at
least one FTP site, someone put up a compromised util-linux-2.9g which
contains some code in login.c that sends the userid/gid/password to a
hotmail address or something like that. 

I didn't look into it further except to confirm that my source from which
my util-linux package is built matches the official (correct) md5sum.  The
correct md5sum for the util-linux-2.9g .tar.gz tarball is:

ab409a6ac5a775a4b04b8e27f6c86933  util-linux-2.9g.tar.gz

--------------------------------------------------
Scott M. Stone <sstone@example.com>
Head of TurboLinux English / Systems Administrator
Pacific HiTech, Inc. (http://www.turbolinux.com)


-------------------------------------------------------------------
Next Technical Meeting: February 13 (Sat), 12:30 place: Temple Univ.
** presentation: XEmacs, by Steven Baur and Martin Buchholz
Next Nomikai: March 19 (Fri), 19:30   Tengu TokyoEkiMae 03-3275-3691
-------------------------------------------------------------------
more info: http://tlug.linux.or.jp                     Sponsor: PHT