Attacks on Linux Package Managers?

Discussion in 'other security issues & news' started by tlu, Jul 16, 2008.

Thread Status:
Not open for further replies.
  1. tlu

    tlu Guest

    http://www.cs.arizona.edu/people/justin/packagemanagersecurity/attacks-on-package-managers.html

    The recommendation to use only trustworthy official repositories is definitely correct. I don't know how other distros handle the mirror-server problem. But as far as Ubuntu is concerned, there are centralized security updates via security.ubuntu.com (and not via mirror servers). Thus, an attacker would have to perform a man-in-the-middle-attack between s.u.c. and my computer - very unlikely ;). For non-security updates the first sentence applies (i.e. to stick with the default servers or - if you're paranoid - with archive.ubuntu.com).

    But again - other distros might be more affected. Any users of these distros who can deliver some insight?
     
  2. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,065
    Hey Tomas, yesterday yast the package manager for opensuse told me there was a security issue with the package manager itself and then updated it along with various other updates.
     
  3. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    So far I can't see anything taking place in either of our Mandriva or Kubuntu boxes related to the package manager...
     
  4. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    sorry bout the double post... using XP Pro... since SP3, we get nothing but glitches across the board... I cant wait until I'm 100% linux on the entire infrastructure...
     
  5. tlu

    tlu Guest

    Yes,definitely a good choice.:thumb:
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.