hacked package on server

Igor Peshansky pechtcha@cs.nyu.edu
Mon Jul 16 19:10:00 GMT 2007

On Mon, 16 Jul 2007, Louis Kruger wrote:

> > > As the package installed, I saw some strange behavior, I'm worried
> > > it might have been some kind of trojan.
> >
> >   Are you able to actually describe "strange behaviour"
> It crashed the setup program, which seemed to indicate it was installing
> strangely named files.  It also corrupted the cygwin package directory.
> I could not run the setup program again even using a different mirror
> until I cleaned out the file /etc/setup/vim.lst.gz.

Ah, now we're getting somewhere.  Can you please attempt the installation
again and save the copy of the vim.lst.gz (and post it as an attachment)?
Setup should not crash on corrupted packages -- the fact that it did
probably indicates a bug in the bzip2 library or in the setup package
handling code.

> Your evidence seems to indicate that it is simple corruption rather than
> tampering.  I am pleased to see that.

Well, if it *were* some kind of trojan or virus, the corrupted executables
would come into play when *invoking* vim, not when attempting to install
      |\      _,,,---,,_	    pechtcha@cs.nyu.edu | igor@watson.ibm.com
ZZZzz /,`.-'`'    -.  ;-;;,_		Igor Peshansky, Ph.D. (name changed!)
     |,4-  ) )-,_. ,\ (  `'-'		old name: Igor Pechtchanski
    '---''(_/--'  `-'\_) fL	a.k.a JaguaR-R-R-r-r-r-.-.-.  Meow!

Belief can be manipulated.  Only knowledge is dangerous.  -- Frank Herbert

Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

More information about the Cygwin mailing list