Re: kernel.org status: hints on how to check your machine forintrusion
From: Greg KH
Date: Sat Oct 01 2011 - 15:25:17 EST
On Sat, Oct 01, 2011 at 09:06:12PM +0200, Willy Tarreau wrote:
> On Sat, Oct 01, 2011 at 01:40:44PM -0500, Andy wrote:
> > On Sat, Oct 01, 2011 at 07:54:56PM +0200, Willy Tarreau wrote:
> > > $ git config tar.umask 022
> > Andreas/Willy:
> > It was indeed umask which was skewing the results. Thanks.
> > Now, I'll wait for Willy's hashes since I can't drill down on
> > Linus' 2.6 tree beyond 2.6.x.
> OK I'm attaching two files, one computed with the initial 002 perms and
> a second one with the new 022 perms. I don't precisely know when the perms
> changed, hence the two files. I noticed that 2.6.25 was still 002, and that
> 2.6.32 was 022. In between I don't know. Note that I'm missing some tags
> (at least 22.214.171.124 and a few 2.6.33.x and 2.6.34.x).
> The file is formated to be easily used with "md5sum -c" that dirty way
> (once hashes are split/joined at the location where the umask changed) :
> cd /path/to/mirror/2.6
> cp linux-*.tar.gz /tmp
> cd /tmp
> gunzip linux-*.tar.gz
> md5sum -c expected-hashes.md5
> It would be nice if someone with an access to a mirror could check the
> perms of *every* tarball so that we can establish the definitive list
> of signatures. I'm pretty sure the umask history is not linear. For
> instance, I'm pretty sure I did not change the umask in my config when
> releasing 2.6.27.x kernels and it seems like Greg did not do this either
> so we have 2.6.27 022 and 2.6.27.x 002. Something like this might do it
> (untested) :
> for i in linux-*.tar.gz; do
> set -- $(tar tvf $i|head -1)
> [ "$1" == "drwxrwxr-x" ] && echo "$i 002" || echo "$i 022"
> Hoping this helps a bit.
Very nice, thanks so much for providing an independant verification of
the tarballs, it is much appreciated.
And yes, the umask problem did trip us up when we did the initial
verification as well, fun to see that you all figured out and solved the
problem faster than I did :)
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/