Slashdot Mirror

← Back to Stories (view on slashdot.org)

Kernel.org Compromised

Posted by samzenpus on from the everyone-is-doing-it dept.

First time accepted submitter JoeF writes "There is a note posted on the main kernel.org page indicating that kernel.org was compromised earlier this month: 'Earlier this month, a number of servers in the kernel.org infrastructure were compromised. We discovered this August 28th. While we currently believe that the source code repositories were unaffected, we are in the process of verifying this and taking steps to enhance security across the kernel.org infrastructure.' The note goes on to say that it is unlikely to have affected the source code repositories, due to the nature of git."

13 of 312 comments (clear)

  1. Wishful thinking by Mensa+Babe · · Score: 2, Insightful

    "[I]t is unlikely to have affected the source code repositories, due to the nature of git" [emphasis added] Yeah, because no one has ever downloaded the kernel any other way than by making a local fork of the git repository. No one has ever used the http, ftp and rsync links on the kernel.org website, or clicked the "Latest Stable Kernel" icon on that very website, right? Also remember that the mirrors don't mirror the git repositories but the http/ftp archives from kernel.org servers, the very same servers that has been compromised. The kernel.org home page encourages visitors to use those mirrors so it is not unreasonable to assume that some people do in fact use them. How many of them could have downloaded a compromised kernel? How many of them could be using it as we speak? Seriously people, this is big. I really mean totally freaking big. Thanks to the open source nature of the kernel it is trivial to add a rootkit and make a new tarball. If the attackers were worth their salt then they should do exactly that.

    --
    Karma: Positive (probably because of superiour intellect)
    1. Re:Wishful thinking by Anonymous Coward · · Score: 5, Insightful

      And seriously, why else would you hack kernel.org?

    2. Re:Wishful thinking by X0563511 · · Score: 2, Insightful

      Are you stupid?

      The files are in a git repository. That's what matters, not what you wrap around it to provide for requests. Anyone who happened to have a local git copy will notice VERY QUICKLY what changed when they try to commit... and I'd venture to say that nearly all of the kernel developers Who Matter use git for their development workflow.

      --
      For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
    3. Re:Wishful thinking by Manfre · · Score: 3, Insightful

      If the attackers were worth their salt, after gaining access they would drop in their own custom replacements for patch, make and gcc. For such a large code base, it is not easy to tell if the code going in is yielding the expected instructions.

    4. Re:Wishful thinking by msauve · · Score: 4, Insightful

      "why else would you hack kernel.org?"

      1337 points.

      --
      "National Security is the chief cause of national insecurity." - Celine's First Law
  2. Oops by drolli · · Score: 4, Insightful

    This is bad. Would the same thing happen to MS i dont think /.ers would skip the possibility to bash them.

    1. Re:Oops by jrbrtsn · · Score: 5, Insightful

      If the same thing happened to Microsoft, Microsoft wouldn't let anybody know.

    2. Re:Oops by realityimpaired · · Score: 5, Insightful

      But more seriously, the fact of the matter is, most of the tripe spewed against Microsoft hasn't been true since the pre-XP era. This combines with idiots who don't comprehend what security actually is, and buy into the, "LINUX IS TOTALLY SECURE! LOLZ!" crap.

      Ok... I'll bite.... I will concede that Windows is a lot more secure than some folks will have you believe, but there is still one glaringly huge security flaw in Windows that would be ridiculously easy for Microsoft to fix: the accounts created during install time are all administrative accounts.

      To its credit, Windows will allow you to change those accounts to non-administrative, and it will give you the option of creating non-administrative accounts when you later go in to the user cp, but by default, it still makes everybody an administrator unless explicitly told not to.

      Now... the fundamentals of securing a Windows system are exactly the same as the fundamentals of securing a Linux system: don't run any unnecessary daemons, particularly daemons that listen to outside connections, and be careful what you allow to run on your computer. When possible, run anything that executes arbitrary code (like, say, Flash or Silverlight) sandboxed, or not at all. And above all, apply all security updates as soon as they're available. (well, assuming your source of security patches didn't get compromised....)

      It's not hard to lock down a Windows system, and all of the above has been doable since NT3.1 in 1993. But as long as its default setting is for users to have administrative access, and it doesn't require any kind of secondary authentication to run programs with elevated permissions (and don't get me started on the debacle that is UAC), then Windows is *not* as secure as most Linux distros. The average user is simply not going to go out of their way to lock down a system once they have gone through the initial setup, and with that in mind, Windows is defective by design. It's in the name of usability, which is certainly understandable, but don't paint it with rose coloured glasses: you can achieve the same level of security under Windows, but you have to do more to reach it.

  3. he's talking about tarballs by bill_mcgonigle · · Score: 4, Insightful

    The files are in a git repository. That's what matters, not what you wrap around it to provide for requests.

    So http://www.kernel.org/pub/linux/kernel/v3.0/linux-3.0.4.tar.bz2 gets pulled dynamically from git?

    the kernel developers Who Matter

    Are you saying users don't?

    --
    My God, it's Full of Source!
    OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
    1. Re:he's talking about tarballs by Anonymous Coward · · Score: 4, Insightful

      %Y-%m-%d please! Americans...

    2. Re:he's talking about tarballs by Anonymous Coward · · Score: 2, Insightful

      Apart from the argument that YMD sorts it is also unambiguous. The first 12 days of each month can also be interpreted as month numbers. There are DMY countries and MDY countries. Can you always be sure which convention is being used? There are no YDM countries, so YMD is unambiguous.

  4. Re:How did they hack it? by recoiledsnake · · Score: 3, Insightful

    The post on kernel.org states that it was possibly due to a compromised user account. They stated that they discovered it through some errors related to Xnest /dev/mem and that they captured some of the exploit code. I believe they're still looking at everything to figure how how the intruders got in and what they touched.

    Kudos to the kernel.org team for their prompt action and immediate disclosure.

    How did the so called user account compromise result in root access? Care to explain?

    --
    This space for rent.
  5. YMD sorts by perpenso · · Score: 5, Insightful

    Yeah, like I need to be reminded what year it is on a daily basis.

    Actually YMD is useful because it sorts.