• [deleted]

kyrios Thanks for the input I am brand new to the Solus Forum. I can repost there or you guys might move it for me. Now I know so I will do just that going forward with security issues. No distro is perfect but it's just how you respond that matters most.

  • [deleted]

brent I had the rootkits showing on my earlier install. I'll soon be checking into Peppermint 10 OS as well. I'll be sure to cover my findings in a video soon enough.

Listen I'm not out to do anything but encourage, uplift and make Solus OS respected across the entire world. Look you guys have done a bang up Job. This just needs to addressed responsibly like anything else.

  • [deleted]

JoshStrobl That is what it showed when performing an update of my packages list if I remember correctly. I do remember it saying SHA 1 for the 1 way hash in the terminal. If I can get another machine up and running with Solus OS soon I'll be sure to show you my findings. I'm working on pulling a replacement build together.

  • [deleted]

DataDrake It's not an accusation. It's a support request for a suspected security flaw. If it's not taken seriously than how can I comfortably continue to use and recommend your distribution.

  • [deleted]

JoshStrobl I didn't realize until after the fact how old the video was which is even more concerning.

    • [deleted]

    [deleted] What was done about this then. Was it reported? English Bob is active on Big Daddy Linux and I'm sure he must've mentioned it.

    I certainly don't speak for the distro, just a user, but I find it more likely your installation/files have been compromised than the ISOs, especially after DD verified the masters. Esp since you're finding the same thing in another distro.
    It's certainly not impossible, but I expect the end user to have more issues than the ISOs. Though the ISOs would be the second best way to spread something evil. The first would be the update server and it's files.
    Btw, I have a Masters in Computer SCI too, and I worked for twenty years in IT Security, the last ten for Hewlitt Packard. So I'm not just throwing stuff around with no basis 🙂 even if it is just an opinion.

      • [deleted]

      dbarron Your cool and I appreciate that. Yeah I'm not so sure one of my tarballs might have let something through but I already ran the tarballs through virus total and they came up clean.

      • [deleted]

      Wow my entire comment was just zapped. I may very well be wrong and I hope that I am. As an IT Pro myself the symptoms I was having that I listed below screams malware. It's that type of behavior that I'd see on any Windows machine I work on.

      For what it's worth I'll verify the ISO on a reinstall but do you guys think I should post my findings as a bug report. Just listing the systems alone without any unwarranted suspections or extraneous commentary so as to not yield another false alarm if that is the case.

      Ultimately my findings were concerning enough that it brought me to posting it just as I did. I was very worried. I do believe my issue is very valid.

      • [deleted]

      DataDrake I will hopefully have that documented soon. I completly understand you wanting to see proof. Don't we all but you cannot just expect any average user to have such proof.

      You have to be able to deal with things on a case by case basis and take every reasonable post with caution and concern.

        • [deleted]

        • Edited

        EbonJaeger To the best of my memory it shows that I've an SHA1 1 way hash
        when issuing the following command(s):

        -- sudo eopkg update
        -- sudo eopkg upgrade

          • [deleted]

          JoshStrobl I am very happy to hear Solus is taking the security of it's ISO's so seriously. Thanks for letting me know this. I will hopefull be able to get proof of my finding again soon. I just didn't have time or patience to save the documentation last time. I was in a dead rush working with clients.

          I appologize for any undue turmoil this may have caused. My findings were serious and concerning to me which led me to making this post. I sincerely wanted help and still do wish to resolve the issue.

          • [deleted]

          DataDrake Fake News really. It's clearly not fake news. It's my real world experience this past June 2019 weekend.

          I've had so much anxiety over this and it was over the weekend. For you to call my serious hard work and findings fake news is a little concerning. I use my system for work. I

          'm being brutally honest just like always. Would you please remove your childish flag. It's very off putting, judgmental and unhelpful.

            [deleted] It's fake news because you haven't substantiated your claim. When you do provide proof, please do it through the APPROPRIATE channels like any IT professional would do, then it can be reviewed and analyzed. Until then, this post does nothing to help security.

            [deleted] Don't we all but you cannot just expect any average user to have such proof.

            I would expect anyone making such accusations no matter their expertise to have proof.

            [deleted] We currently use a SHA1 hash for our package index. It's not as big a deal as you think, and is something we will be improving when we replace eopkg. Inside every package you will also find a listing of files with both sizes and SHA1 hashes. Fooling a SHA1 is possible, but not at the same file size. It's also something that we can verify in seconds if there's even a mild concern.

            [deleted] I will not remove the flag. You have demonstrated no proof of your claims and have unnecessarily spread fear to other users. On top of that you did not even remotely choose the right channels to send this information through which shows either a lack of respect or experience for how to report potential security vulnerabilities. One does not inform their friend that their front door is unlocked at a specific address, out loud, in a quiet public place for all to hear.

            [deleted]

            I completly understand you wanting to see proof. Don't we all but you cannot just expect any average user to have such proof.

            If you have reason to suspect something, that reason should be given in order to serve as proof of needing to investigate.

            [deleted]

            Symptoms:

            Opening Files with other File Contents and not changing to the current file being opened.

            I have no idea what you mean by this

            Dropping of browsers and downloads at random.

            Surely poor wireless card drivers, DNS, or a bad connection can also cause this?

            Core System Files modified containing ld.so

            An example file would go a long way toward addressing this concern. As well as a description of what you mean by modified.

            RKHunter revealing a warning showing 3 possible rootkits

            RKHunter is notorious for reporting false-positives. That's part of why they are marked as Warnings and not Found.