Re: [LAU] Ardour.org hacked...

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
To: <althompson58@...>, <robin@...>, Nick Copeland <nickycopeland@...>
Cc: linux-audio-user@lists.linuxaudio.org <linux-audio-user@...>
Date: Thursday, March 7, 2013 - 2:34 pm

On Thu, 7 Mar 2013 15:14:42 +0100, Nick Copeland wrote

Of course. It'll be as vulnerable as the compiled ardour you download from
a hacked server ;-)

> Is the code signed? 

Probably not. It might be possible to provide checksums (wich you would have to
commuincate over a secure channel ...) but in the presence of line-end conversion
et al. even that is non-trivial.

> What I am getting at is that if you install ardour using a root account but the 

Yes. That's pretty obvious. Almost the same is true for non-root installs as well.
Just install a backgound process that logs all X-events (key-down ...) and you'll
be able to get root access.

Iff you protection against this kind of exploits you pretty much need to audit you
code base or use distributions that use signed packages. Trust your
distribution or
audit, those are the only options you have.

> I doubt this since if I wanted to own a few systems then I would not leave the

Which distribution _doesn't_ sign it's packages? What code is weakly protected?
Even most major download/DVCS sites use secure communication channels these days
(https). The problem is the naive asumption that self-compiled code would be more
secure. Not a Linux problem, I'd say ...

Cheers Ralf Mattes

> Regards, nick.

--
R. Mattes -
Hochschule fuer Musik Freiburg
rm@inm.mh-freiburg.de

_______________________________________________
Linux-audio-user mailing list
Linux-audio-user@lists.linuxaudio.org
http://lists.linuxaudio.org/listinfo/linux-audio-user

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:
[LAU] Ardour.org hacked..., Peder Hedlund, (Wed Mar 6, 9:54 pm)
Re: [LAU] Ardour.org hacked..., , (Wed Mar 6, 10:32 pm)
Re: [LAU] Ardour.org hacked..., Ralf Mardorf, (Fri Mar 8, 8:31 am)
Re: [LAU] Ardour.org hacked..., Robin Gareus, (Thu Mar 7, 8:20 am)
Re: [LAU] Ardour.org hacked..., Folderol, (Wed Mar 6, 10:16 pm)
Re: [LAU] Ardour.org hacked..., david, (Thu Mar 7, 5:48 am)
Re: [LAU] Ardour.org hacked..., Jason Jones, (Wed Mar 6, 10:17 pm)
Re: [LAU] Ardour.org hacked..., Q, (Wed Mar 6, 10:00 pm)
Re: [LAU] Ardour.org hacked..., Peder Hedlund, (Wed Mar 6, 10:11 pm)
Re: [LAU] Ardour.org hacked..., david, (Thu Mar 7, 5:56 am)
Re: [LAU] Ardour.org hacked..., Al Thompson, (Thu Mar 7, 6:01 am)
Re: [LAU] Ardour.org hacked..., Dan MacDonald, (Thu Mar 7, 8:21 am)
Re: [LAU] Ardour.org hacked..., Robin Gareus, (Thu Mar 7, 8:21 am)
Re: [LAU] Ardour.org hacked..., Nick Copeland, (Thu Mar 7, 2:14 pm)
Re: [LAU] Ardour.org hacked..., R. Mattes, (Thu Mar 7, 2:34 pm)
Re: [LAU] Ardour.org hacked..., Oon-Ee Ng, (Fri Mar 8, 1:47 am)
Re: [LAU] Ardour.org hacked..., Paul Davis, (Thu Mar 7, 2:38 pm)
Re: [LAU] Ardour.org hacked..., Paul Davis, (Thu Mar 7, 2:26 pm)
[LAU] Just a (bad) joke (Was Re: Ardour.org hacked...), Peder Hedlund, (Thu Mar 7, 7:49 pm)
Re: [LAU] Ardour.org hacked..., Dan MacDonald, (Thu Mar 7, 8:23 am)