Is Fedora Have Backdoor ?!

Florian Weimer fw at deneb.enyo.de
Sun Feb 22 22:42:31 UTC 2015


* مصعب الزعبي:

> Thank You for Care .. from everybody for this case .. 
>
> I know that talking about Fedora as a backdoor container makes us angry .. But we must be careful about these sensitive issues.
>
> As a reply :
>
> My friend didn't have enabled auto-update.

The archive meta-data can be updated automatically even if the actual
updates are not installed.

> He completely Surprised of un-human-authorized connection by fedora.
> He disabled these actions by :
>
> sudo echo  127.0.0.1 vm3.fedora.ibiblio.org proxy3.fedoraproject.org apps.fedoraproject.org 6-55-236-85.rev.customer-net.de >> /etc/hosts

This does not work, for two reasons: “>>” is evaluated before the sudo
privilege escalation, and Fedora will not use the host names you
listed.  This means that adding them /etc/hosts will not block their
use.

You need to look at the network traffic with Wireshark and figure out
what the original host names are (“sudo tcpdump -i any -s 0 -v port
53” would work as well). This will also tell you what is actually
going on.


More information about the devel mailing list