Slashdot Mirror


Linux Kernel Back-Door Hack Attempt Discovered

An anonymous reader writes "The BitKeeper to CVS gateway was apparently hacked in an attempt to add a root exploit back door to the Linux kernel, according to the linux-kernel archive. The change was in the file kernel/exit.c and changed the user ID of a process to root under the guise of checking the validity of some flags. The core Linux BitKeeper kernel repository was not at risk, and in fact it was the BitKeeper CVS export scripts that detected the unauthorized modifications to CVS. The changes were falsely attributed in CVS to long-time Linux developer davem (David Miller). Users of the BKCVS repository should resync their trees to remove the offending code if they had replicated it since yesterday."
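An added illustration, not code from the kernel or from the original post: a heuristic review check for the pattern the summary describes, an assignment hidden inside a condition that reads like a flag check. The C snippet is constructed for the example (it is not the actual kernel/exit.c change), and `check_opts`, `OPT_A`, `OPT_B` and `struct task` are hypothetical names.

```python
import re

# A bare "=" that is not part of ==, !=, <= or >=.
ASSIGN = re.compile(r"(?<![=!<>])=(?!=)")
COND_KW = re.compile(r"\b(?:if|while)\s*\(")

def condition_span(src, open_idx):
    """Return the text between the parenthesis at open_idx and its match."""
    depth = 0
    for i in range(open_idx, len(src)):
        if src[i] == "(":
            depth += 1
        elif src[i] == ")":
            depth -= 1
            if depth == 0:
                return src[open_idx + 1:i]
    return src[open_idx + 1:]  # unbalanced input: scan to the end

def find_cond_assignments(src):
    """List (line_number, condition) for conditions containing an assignment.

    Heuristic only: it does not parse C, so "=" inside a string literal or
    comment within a condition is also reported for a human to look at.
    """
    hits = []
    for m in COND_KW.finditer(src):
        cond = condition_span(src, m.end() - 1)
        if ASSIGN.search(cond):
            line = src.count("\n", 0, m.start()) + 1
            hits.append((line, " ".join(cond.split())))
    return hits

# Constructed sample. The assignment on line 6 sits in its own parentheses,
# the form GCC's -Wparentheses warning accepts as intentional.
SAMPLE = """\
int check_opts(struct task *t, int opts)
{
    int ret = 0;
    if (opts & ~(OPT_A | OPT_B))
        return -1;
    if ((opts == (OPT_A | OPT_B)) && (t->uid = 0))
        ret = -1;
    if (t->uid == 0 || opts <= OPT_A)
        ret = 1;
    return ret;
}
"""

if __name__ == "__main__":
    for line, cond in find_cond_assignments(SAMPLE):
        print(f"line {line}: assignment inside condition: {cond}")
```

Run over a diff's changed files, a check like this gives reviewers a short list of conditions to read closely; it complements, rather than replaces, comparing an export against the authoritative repository.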

3 of 687 comments

  1. hehe by lone_marauder · · Score: 0, Flamebait

    As usual, Microsoft is overplaying its hand. They should stick to astroturfing Slashdot.

    --
    who are those slashdot people? they swept over like Mongol-Tartars.
  2. In unrelated news, sockets.h changed a little... by wrinkledshirt · · Score: 0, Flamebait

    typedef unsigned int csNetworkSocket;

    #if !defined (CS_NET_SOCKET_INVALID)
    // This is the stuff we stole from SCO, keep it hushed
    # define CS_NET_SOCKET_INVALID ((csNetworkSocket)~0)
    #endif

    --

    --------
    Bleah! Heh heh heh... BLEAH BLEAH!!! Ha ha ha ha...

  3. Re:disappear? by malakai · · Score: 1, Flamebait
    Disappearing would only raise suspicion, not abate it. And it doesn't change the fact that this code gets reviewed a lot by a lot of different people. It would get noticed pretty quickly, methinks.

    Ha ha ha hah. Yeah, right, because in the open source world people _rarely_ are given CVS access, do some work, and then disappear into the void.

    While the Linux kernel may be more guarded, 98% of projects on SourceForge probably have people with CVS write access that are no longer active in the project. This is a huge nightmare for larger open source projects. FreeNet, CrystalSource, others with lists of developers oftentimes don't keep day-to-day tabs on developers.

    I think this is from Ian Clarke over on Freenet devel 10/30/2003:
    There are about 63 people currently with developer access to CVS, and
    most of these people, to the best of my knowledge, are not currently
    active in the project. This is a security risk.


    So while open source gives you the ability to have peer-level code review, it doesn't force it. Which means, on particularly large systems, code can creep in without being scrutinized too much (unless it doesn't work). Especially if the code is technical and few people understand the gist of it.

    People always say "well, review the code yourself then". That's great if you know wtf you're doing, that doesn't help Joe noobie.