project:htd
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revision | |||
project:htd [2012/03/15 13:58] – package manager vuln ideas ruza | project:htd [2018/06/24 23:59] (current) – removed pinky | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== Hack the Distros ====== | ||
- | ===== Intro ===== | ||
- | |||
- | Aim of this work is to provide information about the difficulty and methods of getting a backdoor into various Linux distributions and other FOSS operating systems like BSD. | ||
- | |||
- | It is a reaction to [[http:// | ||
- | |||
- | We would like to investigate what are the options of getting such malicious code into open-source operating systems and compare the various methods like modifying tarballs in upstream and downstream, or taking advantage of unsigned packages on the mirrors. | ||
- | |||
- | ===== Common attack vectors ===== | ||
- | |||
- | Probably a good way how to start investigating is by the definition of common attack vectors. | ||
- | |||
- | ===== Current Status ===== | ||
- | |||
- | ==== Arch Linux ==== | ||
- | |||
- | ==== Debian ==== | ||
- | |||
- | ==== Fedora ==== | ||
- | |||
- | ==== Gentoo ==== | ||
- | |||
- | ==== openSUSE ==== | ||
- | |||
- | ==== Ubuntu ==== | ||
- | |||
- | ==== FreeBSD ==== | ||
- | |||
- | ==== NetBSD ==== | ||
- | |||
- | ==== OpenBSD ==== | ||
- | |||
- | ===== Exploits ===== | ||
- | |||
- | * exploit A - via upstream | ||
- | |||
- | * exploit B - via downstream | ||
- | |||
- | ===== Report ===== | ||
- | |||
- | ... | ||
- | |||
- | |||
- | ===== Idea mix ===== | ||
- | |||
- | https:// |