author Alec Warner <antarus@gentoo.org> 2018-06-29 08:29:43 -0400
committer Alec Warner <antarus@gentoo.org> 2018-06-29 08:29:43 -0400
commit 069955ca501833e77fc33825def253e979d5e697
tree 2b26a5bce517de1dc71ba08467a9e289a9691a1c /_posts
parent News update on ongoing incident.
Update post for github incident.
Diffstat (limited to '_posts')
-rw-r--r-- _posts/2018-06-28-Github-gentoo-org-hacked.md 33
1 files changed, 32 insertions, 1 deletions
diff --git a/_posts/2018-06-28-Github-gentoo-org-hacked.md b/_posts/2018-06-28-Github-gentoo-org-hacked.md
index f3f65f4..3dfb688 100644
--- a/_posts/2018-06-28-Github-gentoo-org-hacked.md
+++ b/_posts/2018-06-28-Github-gentoo-org-hacked.md
@@ -2,8 +2,39 @@
title: 'Github Gentoo organization hacked'
---
-Update: 04:26 UTC. Gentoo has regained control of the the Gentoo Github Organization. We are currently working with Github on a procedure for resolution. Please continue to refrain from using code from the Gentoo Github Organization. Development of Gentoo primarily takes place on Gentoo operated hardware (not on github) and remains unaffected. We continue to work with Github on establishing a timeline of what happened and we commit to sharing this with the community as soon as we can.
+## 2018-06-29 06:45 UTC
+The `gentoo` GitHub organization remains temporarily locked down by GitHub
+support, pending fixes to pull-request content.
+The Gentoo Infrastructure team have identified the ingress point, and locked
+out the compromised account.
+
+The following repositories received malicious commits, which have been
+reset back to a known good state:
+
+- https://github.com/gentoo/gentoo - mirror of https://gitweb.gentoo.org/repo/gentoo.git/
+- https://github.com/gentoo/musl - mirror of https://gitweb.gentoo.org/proj/musl.git/
+- https://github.com/gentoo/systemd - mirror w/ branches from upstream systemd https://github.com/systemd/systemd
+
+### Ongoing & Remaining actions:
+1. (GitHub) Gentoo is presently waiting for GitHub support to review & revert unauthorized changes to PRs in the above repositories.
+2. (GitHub) The organization will be unlocked.
+3. (Gentoo Infra) Re-add all members to `gentoo` GitHub organization. Some members may have to add 2FA to their GitHub accounts first.
+
+### Completed actions:
+- Reverted repositories to known good state.
+- Reviewed & reverted GitHub settings as needed.
+- Trace & lock-out compromised account.
+
+### Further mitigating factors
+1. No ebuilds are known to have used the systemd repo fork.
+2. The official Gentoo repository list used by eselect-repository and layman listed only git.gentoo.org URLs for Gentoo and musl repositories.
+3. The malicious content has been force-pushed over the original commits, which should have resulted in `git pull` refusing to merge unrelated histories.
+
+## 2018-06-28 23:10 UTC
+Gentoo has regained control of the the Gentoo Github Organization. We are currently working with Github on a procedure for resolution. Please continue to refrain from using code from the Gentoo Github Organization. Development of Gentoo primarily takes place on Gentoo operated hardware (not on github) and remains unaffected. We continue to work with Github on establishing a timeline of what happened and we commit to sharing this with the community as soon as we can.
+
+## 2018-06-28 21:10 UTC
Today 28 June at approximately 20:20 UTC unknown individuals have gained control of the Github Gentoo organization, and modified the content of
repositories as well as pages there. We are still working to determine the exact extent and to regain control of the organization and its
repositories. All Gentoo code hosted on github should for the moment be considered compromised.
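Review bot: The heading time on the re-added status paragraph does not match the line it replaces: the removed line reads "Update: 04:26 UTC", while the same text now sits under `## 2018-06-28 23:10 UTC`. Please confirm which time is correct, or note the conversion, so the published incident timeline is consistent across revisions. The moved paragraph also carries over the "the the" duplication, and under "Completed actions" the item "Trace & lock-out compromised account." should be past tense like its neighbours ("Traced & locked out"). For mitigating factor 3, consider stating that the `git pull` refusal only helps users with an existing clone; a fresh clone taken while the malicious commits were in place has no earlier history to compare against, so those users should be told to re-clone or verify against git.gentoo.org.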