Rootkit Packaged for Debian
Erich writes "Debian Developer Simon Richter announced in this posting to debian-devel that he Intends to Package (ITP) a R00tk1t for Debian Linux.
The rootkit will make use of debian mechanisms such as diversions to divert the original /bin/ls commands and replace them cleanly by the modified versions.
Even reinstalling or upgrading the file-utils package (containing /bin/ls) will then not remove the modified /bin/ls and the rootkit will stay active, being probably the first upgrade-resistant rootkit!
This rootkit will then be easy to install by doing "apt-get install rootkit" - a major usability aspect for our fellow wannabe-hackers, making Debian the premier choice for them."
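The mechanism the submission describes, dpkg diversions, leaves a record that can be audited: `/var/lib/dpkg/diversions` holds one record per diversion (original path, diverted-to path, owning package, or ":" for a diversion registered with `dpkg-divert --local`), and `dpkg-divert --list` prints the same information in readable form. The following is an added example, not code from the original post or from Debian: it parses both formats and flags diversions of files in system binary directories that no package owns, that move the original to a scratch location, or that are owned by a package other than the one the caller expects. The sample records, the package name `rootkit`, and the paths `/bin/ls.real` and `/var/tmp/.x/ps` are constructed for the demonstration; the `dash` diversion of `/bin/sh` is the usual benign case.

```python
"""Audit dpkg diversions for signs of a diverted-and-replaced system binary.

Added example, not part of the original post. Sample input is constructed.
"""
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Tuple

# Directories whose files an attacker would divert to hide a trojaned binary.
SYSTEM_DIRS = ("/bin/", "/sbin/", "/usr/bin/", "/usr/sbin/", "/lib/", "/usr/lib/")
# A legitimate diversion never parks the original in one of these.
SCRATCH_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/", "/home/", "/root/")
LOCAL = ":"  # marker dpkg writes for a --local diversion (no owning package)


@dataclass(frozen=True)
class Diversion:
    original: str      # path the package ships
    diverted_to: str   # where the packaged file is moved to
    package: str       # owning package, or LOCAL


def parse_diversions_file(text: str) -> List[Diversion]:
    """Parse the /var/lib/dpkg/diversions format: three lines per record
    (original, diverted-to, package-or-':')."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    if len(lines) % 3:
        raise ValueError("truncated record in diversions file")
    return [Diversion(lines[i], lines[i + 1], lines[i + 2])
            for i in range(0, len(lines), 3)]


# "diversion of A to B by PKG" / "local diversion of A to B"
_LIST_RE = re.compile(r"^(local )?diversion of (\S+) to (\S+)(?: by (\S+))?$")


def parse_divert_list(text: str) -> List[Diversion]:
    """Parse the human-readable output of `dpkg-divert --list`."""
    out = []
    for ln in text.splitlines():
        ln = ln.strip()
        if not ln:
            continue
        m = _LIST_RE.match(ln)
        if not m:
            raise ValueError(f"unrecognised line: {ln!r}")
        local, original, target, pkg = m.groups()
        out.append(Diversion(original, target, LOCAL if local else pkg))
    return out


def audit(diversions: Iterable[Diversion],
          expected_owners: Optional[Dict[str, str]] = None
          ) -> List[Tuple[Diversion, List[str]]]:
    """Return (diversion, reasons) for each diversion of a system binary
    that looks like a trojan rather than a packaging convenience."""
    expected_owners = expected_owners or {}
    findings = []
    for d in diversions:
        if not d.original.startswith(SYSTEM_DIRS):
            continue
        reasons = []
        if d.package == LOCAL:
            reasons.append("local diversion: no package owns it")
        if d.diverted_to.startswith(SCRATCH_DIRS):
            reasons.append(f"original parked in scratch location {d.diverted_to}")
        owner = expected_owners.get(d.original)
        if owner is not None and d.package != owner:
            reasons.append(f"owned by {d.package}, expected {owner}")
        if reasons:
            findings.append((d, reasons))
    return findings


# Constructed sample: one benign diversion (dash) and two hostile ones.
SAMPLE_DIVERSIONS_FILE = """\
/bin/sh
/bin/sh.distrib
dash
/bin/ls
/bin/ls.real
:
/usr/bin/ps
/var/tmp/.x/ps
rootkit
"""

SAMPLE_DIVERT_LIST = """\
diversion of /bin/sh to /bin/sh.distrib by dash
local diversion of /bin/ls to /bin/ls.real
diversion of /usr/bin/ps to /var/tmp/.x/ps by rootkit
"""

if __name__ == "__main__":
    known = {"/bin/sh": "dash"}
    for d, reasons in audit(parse_diversions_file(SAMPLE_DIVERSIONS_FILE), known):
        print(f"{d.original} -> {d.diverted_to} [{d.package}]: " + "; ".join(reasons))
```

On a live system feed it the output of `dpkg-divert --list` instead of the sample. Listing diversions is the check this post implies: the package manager treats the diverted file as expected, so reinstalling the package does not help, and a diversion of a core binary that no package owns is worth explaining one way or the other.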
An act of terrorism now... Too hard to keep up with crazy US laws.
Or compromise the servers where you get your .debs.
Remember, a lot of people have cron jobs that update their system. It's intended to ensure security patches are applied soon after they're made available, but for practical reasons some sites use local repositories that might not have the same level of security.
Compromise that, and every other system that updates against it is also compromised.
Obviously nobody would have installed (and be updating) a package called "rootkit," but the scripts could be piggybacked on any security update.
For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken