Subject: RE: [Fwd: RE:Fwd: Compromised Linux Box [#7826335]] (Response fro m hypermart.net)
From: Arthur Corliss (arthur@corlissfamily.org)
Date: Tue Apr 23 2002 - 15:52:00 AKDT
> Not to beat a horse or anything, but the site in question was
> just a script-kiddie repository, not a distribution site for
> knowledgeable folk to come get information and updates about
> security testing.
>
> 99% of the tarballs in question were binary-only, good for the
> specific distribution they were labled for. Only one tarball
> of the ones I checked came with any source -- (adore, which is
> a loadable kernel module to hide processes, and needs to be built
> on a per-kernel basis.)
>
> OTOH, we need to support the folks who write this code. If you
> mirror it to ensure wide distribution and availability, only
> make the source available. Yes, it's only 2 steps away from
> a script-kiddies hands, but that's still 2 more steps they have
> to deal with.
>
> OTGH, it's a never-ending war, isn't it..
I never saw the site before it was taken down, so I didn't know about the
lack of source. I agree with you the source should be made available. Mind
you, I'm still not completely opposed to having binaries available (if you're
crazy enough to run a binary from an untrusted source) since some legitimate
users might find themselves on a proprietary UNIX (for example: the compiler
that ships with HP/UX out of the box is only good for compiling the kernel.
To compile actual ANSI compliant stuff, you'd need the commercial compiler :-
P).
----Arthur Corliss Bolverk's Lair -- http://arthur.corlissfamily.org/ Digital Mages -- http://www.digitalmages.com/ "Live Free or Die, the Only Way to Live" -- NH State Motto
--------- To unsubscribe, send email to <aklug-request@aklug.org> with 'unsubscribe' in the message body.
This archive was generated by hypermail 2a23 : Wed Apr 24 2002 - 09:46:54 AKDT