[Git][reproducible-builds/reproducible-website][master] 2019-08: Make the Webmin link link to their homepage.

Chris Lamb gitlab at salsa.debian.org
Fri Sep 6 11:51:15 UTC 2019



Chris Lamb pushed to branch master at Reproducible Builds / reproducible-website


Commits:
baecbbef by Chris Lamb at 2019-09-06T11:50:53Z
2019-08: Make the Webmin link link to their homepage.

- - - - -


1 changed file:

- _reports/2019-08.md


Changes:

=====================================
_reports/2019-08.md
=====================================
@@ -33,7 +33,7 @@ If you are interested in contributing to our project, please visit our [*Contrib
 
 [![]({{ "/images/reports/2019-08/webmin.png#right" | prepend: site.baseurl }})](http://www.webmin.com/)
 
-A backdoor was found in [Webmin](http://www.webmin.com/exploit.html) a popular web-based application used by sysadmins to remotely manage Unix-based systems. Whilst more details can be found on [upstream's dedicated exploit page](http://www.webmin.com/exploit.html), it appears that the build toolchain was compromised. Especially of note is that the exploit "did not show up in any Git diffs" and thus would not have been found via an audit of the source code. The backdoor would allow a remote attacker to execute arbitrary commands with superuser privileges on the machine running Webmin. Once a machine is compromised, an attacker could then use it to launch attacks on other systems managed through Webmin or indeed any other connected system. Techniques such as reproducible builds can help detect exactly these kinds of attacks that can lay dormant for years. ([LWN comments](https://lwn.net/Articles/796951/))
+A backdoor was found in [Webmin](http://www.webmin.com/) a popular web-based application used by sysadmins to remotely manage Unix-based systems. Whilst more details can be found on [upstream's dedicated exploit page](http://www.webmin.com/exploit.html), it appears that the build toolchain was compromised. Especially of note is that the exploit "did not show up in any Git diffs" and thus would not have been found via an audit of the source code. The backdoor would allow a remote attacker to execute arbitrary commands with superuser privileges on the machine running Webmin. Once a machine is compromised, an attacker could then use it to launch attacks on other systems managed through Webmin or indeed any other connected system. Techniques such as reproducible builds can help detect exactly these kinds of attacks that can lay dormant for years. ([LWN comments](https://lwn.net/Articles/796951/))
 
 In a talk titled [*There and Back Again, Reproducibly!*](https://cfp.linuxdev-br.net/2019/talk/VH9CCY/) Holger Levsen and Vagrant Cascadian presented at the 2019 edition of the [Linux Developer Conference](https://linuxdev-br.net/) in São Paulo, Brazil on Reproducible Builds.
 



View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-website/commit/baecbbefcc4fd0b88c989496721a30a23312a088

-- 
View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-website/commit/baecbbefcc4fd0b88c989496721a30a23312a088
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.reproducible-builds.org/pipermail/rb-commits/attachments/20190906/eea4ed79/attachment.html>


More information about the rb-commits mailing list