On 08/23/2015 07:42 AM, greg.freemyer@gmail.com wrote:
> On August 22, 2015 2:45:30 AM EDT, Lew Wolfgang wrote:
>> Hi Folks,
>>
>> This is kind of a rhetorical question. Has there ever been a documented instance of malware being injected into either a base openSUSE release, or that was delivered by subsequent patch/application loads from repositories? How about the semi-official repositories? I remember the forums were compromised once upon a time.
>
> Lew, hating to be pedantic, but what is malware?

Good point! For this discussion we can say that any unauthorized modification of anything in a repository after it was published is suspect. The "authority" in this case would be the person/organization responsible for the publishing. Any modification of a package subsequent to being published must be assumed to be threatening.

One of my customers is worried about malware injection in mirrored repositories, possibly located in bad neighborhoods. But it looks like zypper can be instructed to check each rpm's pgp signature. I'll try testing this later to see if it really flags a modified binary.

Malware injection prior to authorized publication is another matter. How well does openSUSE check for this? Does SUSE do a more thorough job with SLES? How about Red Hat?

How about hardware vendors? I heard that Lenovo motherboards have a BIOS that detects a Windows install and if found, replaces a key Windows binary with one of its own. It's basically a BIOS-resident root-kit that is completely invisible to the operating system.

Regards,
Lew
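
The signature test mentioned in the message above can be scripted around `rpm -K` (`rpm --checksig`). This is an added example, not part of the original post; the function names are hypothetical, and the result-line layouts it handles ("digests signatures OK" and the older "rsa sha1 (md5) pgp md5 OK") are assumed, since the wording differs between rpm versions.

```shell
#!/bin/sh
# Added example: classify result lines from `rpm -K <file>`.
# rpm lists each check in lowercase when it passed and in UPPERCASE when
# it failed. An unsigned package lists digests only and still ends in
# "OK", so "OK" alone does not prove that a signature was verified.
# Constructed sample lines:
#   pkg.rpm: digests signatures OK       -> SIGNED_OK
#   pkg.rpm: digests OK                  -> UNSIGNED
#   pkg.rpm: digests SIGNATURES NOT OK   -> BAD

classify_checksig() {
    # $1 = one output line of the form "<file>: <checks> OK|NOT OK ..."
    result=${1#*: }                      # drop the "<file>: " prefix
    case "$result" in
        *"NOT OK"*) echo BAD; return ;;  # digest or signature failed
    esac
    case "$result" in
        *" OK") ;;                       # all listed checks passed
        *) echo UNKNOWN; return ;;       # error text or unexpected layout
    esac
    # Passed: was a signature among the checks, or only digests?
    case " $result " in
        *" signatures "*|*" pgp "*|*" gpg "*|*" rsa "*|*" dsa "*)
            echo SIGNED_OK ;;
        *)  echo UNSIGNED ;;
    esac
}

check_rpms() {
    # $@ = rpm files; returns 1 unless every file is SIGNED_OK
    rc=0
    for f in "$@"; do
        line=$(LC_ALL=C rpm -K "$f" 2>&1 | head -n 1)
        verdict=$(classify_checksig "$line")
        printf '%s\t%s\n' "$verdict" "$f"
        [ "$verdict" = SIGNED_OK ] || rc=1
    done
    return $rc
}

# Run against files named on the command line, if any.
if [ "$#" -gt 0 ]; then
    check_rpms "$@"
fi
```

A SIGNED_OK verdict only means the signature matched some key already imported into the local rpm keyring, so the keyring should hold only the publisher's keys.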