Re: kernel.bkbits.net and BK->CVS gateway

Jan Harkes (jaharkes@cs.cmu.edu)
Sat, 10 May 2003 15:23:03 -0400


On Sat, May 10, 2003 at 09:22:07AM -0700, Larry McVoy wrote:
> In other words, I think you're safe. Famous last words, we'll now discover
> that our friends in .cz have written the world's first BK virus and it
> corrupts the CVS tree. Or something. Regardless, we've taken steps to
> make sure the CVS data is safe and restorable.

Could you please stop making random accusations? Pavel probably has
better things to do than to write a 'BK virus'. And about that comment
'taking steps to make sure CVS data is safe'...

On Sat, May 10, 2003 at 07:04:55AM -0700, Larry McVoy wrote:
> Dave, I put RH 7.3 on there but didn't install any security fixes, you get
> to do that fun job if you care.

Hmm, let's see https://rhn.redhat.com/errata/rh73-errata-security.html

Remote vulnerabilities for at least, CVS, OpenSSH, OpenSSL, Sendmail,
Apache, Samba, and MySQL.

I sure hope Dave cared, because I wouldn't even consider plugging an
unpatched anything into the network in the first place. Let alone
announce this fact to a widely distributed mailing list.

Even without such a clear announcement any new machine that I connect is
typically portscanned within 30 minutes. Maybe the situation is worse at
CMU because CERT is in our address space or something, but still.

Jan

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/