I updated/upgraded both my AMD64 and AMD k6 "Etch" machines between Feb
10-11, 2009 using "Lenny" test. Both picked up a symptom I haven't seen
since the lpd exploit of the 1990's. This symptom manifests itself as either
a random escalation of the etc directory mode up to 600, or a consistent
escalation to mode 600 upon reboot. I don't remember why the lpd exploit did
this. If this is an exploit, it shakes my confidence in debian online
updating. It would indicate that someone in the trust chain is putting the
distribution in jeopardy. Also, the Bastille firewall on the AMD64 began
locking down port 80 after about 10min of operation. Adding 80 to all
interfaces didn't help. Only shutting down Bastille cleared the block. I
fear this is another indication of the exploit. I threw in some iptable
rules for some protection, and they have been allowed to stand..so far. Has
anyone else experienced this misbehavior after an upgrade? Any suggestions,
other than a complete disk wipe on both machines? In any case, where would I
go for a trusted rebuild, if there truly is a sabateur in the ranks of the
Debian maintainers? Maybe it's time to move to Ubuntu :-(
