This is the mail archive of the
mailing list for the GCC project.
Re: gcc-3.3.1.tar.bz2 file on ftp://gcc.gnu.org/ tainted?
- From: Gerald Pfeifer <gerald at pfeifer dot com>
- To: Peter Niemayer <niemayer at isg dot de>
- Cc: gcc at gnu dot org
- Date: Thu, 14 Aug 2003 00:35:15 +0200 (CEST)
- Subject: Re: gcc-3.3.1.tar.bz2 file on ftp://gcc.gnu.org/ tainted?
- References: <3F3A9F5A.email@example.com>
On Wed, 13 Aug 2003, Peter Niemayer wrote:
> I hope the reason is less dramatic than what was just reported by the
> german computer magazine Heise about another GNU ftp server (gnuftp.gnu.org) -
> they write that gnuftp.gnu.org has been hacked and somebody got root-access
> since march...:
Definitely by far less dramatic: md5.sums on gcc.gnu.org are generated by
a cron job, and the script basically would mishandle files currently being
uploaded with scp -p.
I tracked this down and Jason Molenda already updated the script, so it
should never ever happen again.