On 06/29/2018 10:47 AM, Ivan J. wrote:
On Fri, Jun 29, 2018 at 03:12:15AM +0200, Francisco Blas Izquierdo Riera
(klondike) wrote:
On 29/06/18 at 00:27, Mick wrote:
On Thursday, 28 June 2018 22:54:45 BST Francisco Blas Izquierdo Riera
(klondike) wrote:
On 28/06/18 at 23:15, Francisco Blas Izquierdo Riera (klondike) wrote:
Hi!
I just want to notify that an attacker has taken control of the Gentoo
organization in Github and has among other things replaced the portage
and musl-dev trees with malicious versions of the ebuilds intended to
try removing all of your files.
Whilst the malicious code shouldn't work as is and GitHub has now
removed the organization, please don't use any ebuild from the GitHub
mirror obtained before 28/06/2018, 18:00 GMT until new warning.
Sincerely,
Francisco Blas Izquierdo Riera (klondike)
Gentoo developer.
Just to keep up with it. There is a more complete article published at
https://www.gentoo.org/news/2018/06/28/Github-gentoo-org-hacked.html
Thanks for letting us know, but how did this happen?
I don't think there is an official timeline yet. We suspect the github
account of an administrator was compromised.
I just brought up the heads up when I noticed that the portage tree had
been modified to contain harmful code.
Do you have this code somewhere now? Any chance of seeing what happened?
Nothing interesting, they simply prepended every ebuild with "rm -rf
/*". Pretty sure this wouldn't even do anything because of sandbox.