All "GNU" software potentially Trojaned
Brett Glass
brett at lariat.org
Thu Aug 14 11:46:22 PDT 2003
At 01:43 AM 8/14/2003, Kris Kennaway wrote:
>On Wed, Aug 13, 2003 at 11:25:04PM -0600, Brett Glass wrote:
>> CERT Advisory CA-2003-21 GNU Project FTP Server Compromise
>
>This never would have happened if they had used the BSDL!
Not true, of course. But on the other hand, the fact that FreeBSD
uses their code means that it may have integrated Trojaned source.
Another reason to avoid using code from a group that's not only
unethical and malicious but also careless about security.
Kris, as a member of FreeBSD's security team I hope you're checking
to make sure that Trojaned code was not included. (The most effective
way would, of course, be to remove the GNU code from FreeBSD, but while
I'd like to see that done it's probably too much to hope for.)
--Brett Glass
More information about the freebsd-chat
mailing list