Critical Incident - 2018-01-15

Critical Incident - 2018-01-15

What happened?

During the weekly update of package repositories yesterday, some scripts and binaries that were only meant to be installed on our internal infrastructure were incorrectly pushed to all users. The updates that contained the offending content were only available for a short window (less than 24 hours) and have now been removed from all official mirrors.

The update contained an experimental cryptocurrency miner and its configuration files. The intention was to leverage the idle CPU time on Sabayon infrastructure hosts to increase funding for the project via a Monero wallet. This was setup on one of the internal development repositories for testing and accidentally promoted to the main Sabayon package repositories in error by another member of staff who was unaware of its existence.

We are very sorry that this has happened and we apologize for any inconvenience it may have caused you.

How can you tell if you’ve been affected?

If your systems updated the package repositories (e.g. using “equo update”, or from the rigo background auto updater), between 2018-01-14 20:30 UTC and 2018-01-15 18:00 UTC, you may find a miner process named “sd” running on your system. This process may have been using up to 100% of one CPU core since then.

You may also see a hidden file at “/etc/entropy/.infra_machine” was was intended to limit the affects to only the infrastructure hosts, but which was inadvertantly created on all machines.

How can you clean up?

Either killing the miner “sd” process if present, or restarting your computer will stop this activity. If present on your system the “.infra_machine” hidden file can be safely deleted with “sudo rm /etc/entropy/.infra_machine”.

No further cleanup is required as the miner scripts were not made to be persistent.

What next?

As sign of good faith we will be donating the equivalent amount of money generated by the miners to charity. At time of writing, this is approximately valued at 5 Euro. You can independently check the value of the wallet and any transactions relating to it by entering the wallet address (49oFnBbQbwXEJ8eTcWxVDb12Sbktn9XHQ6ysezutij4xGbXLYaygeDNTWEKoae9E4fMedQJy5g9QMQk1Hy7YuB7HHaJSGdg) at moneropools. The chosen charity will be announced on the blog once all mining activity has slowed/stopped and the final amount generated is known.

This happened in part because the Sabayon package build process involves manual activity by different staff members on the same server. We have already been working for some time on further automating these processes to remove the manual work on servers, and make the build processes more transparent to users.


Thanks to Joe Cuchac for bringing this issue to our attention earlier today, and to nks0ne, iTitou, and Mr-Hide from IRC for their assistance in tracking down the source.

January 15, 2018
450 words

incident updates sabayon

Our Community

You don't have to be able to code to help the Sabayon Community. There are many ways to contribute, be it your passion, your skills, your time or a monetary donation.
Sabayon is user powered, created solely on freely given user contributions, so why not help out and give back to the community?

Join us on Facebook, Google+

Meet our crazy community on Facebook. Alternatively, have fun with the guys and gals on Google+, or simply +1 us our Google+ page.

Get Sabayon

There are many different Sabayon variants.
Each one is designed for a specific purpose and designed to bring out the best in your hardware
We provide Live versions of most of our variants, so you can try out Sabayon without touching your Computer's Hard drive.