The Linux Backdoor Attempt of 2003
Hugh Pickens DOT Com writes "Ed Felton writes about an incident, in 2003, in which someone tried to backdoor the Linux kernel. Back in 2003 Linux used BitKeeper to store the master copy of the Linux source code. If a developer wanted to propose a modification to the Linux code, they would submit their proposed change, and it would go through an organized approval process to decide whether the change would be accepted into the master code. But some people didn't like BitKeeper, so a second copy of the source code was kept in CVS. On November 5, 2003, Larry McVoy noticed that there was a code change in the CVS copy that did not have a pointer to a record of approval. Investigation showed that the change had never been approved and, stranger yet, that this change did not appear in the primary BitKeeper repository at all. Further investigation determined that someone had apparently broken in electronically to the CVS server and inserted a small change to wait4: 'if ((options == (__WCLONE|__WALL)) && (current->uid = 0)) ...' A casual reading makes it look like innocuous error-checking code, but a careful reader would notice that, near the end of the first line, it said '= 0' rather than '== 0' so the effect of this code is to give root privileges to any piece of software that called wait4 in a particular way that is supposed to be invalid. In other words it's a classic backdoor. We don't know who it was that made the attempt—and we probably never will. But the attempt didn't work, because the Linux team was careful enough to notice that that this code was in the CVS repository without having gone through the normal approval process. 'Could this have been an NSA attack? Maybe. But there were many others who had the skill and motivation to carry out this attack,' writes Felton. 'Unless somebody confesses, or a smoking-gun document turns up, we'll never know.'"
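The line quoted in the summary, reduced to a stand-alone C program so the effect of '=' versus '==' can be seen rather than argued about. This is an added example, not code from the article or from the kernel: 'task_stub' stands in for the kernel's task structure, and the two wait4 option checks are constructed to show the backdoored form beside the comparison a casual reader assumes is there (written with the constant on the left, the C style a later comment recommends). The flag values are Linux's __WCLONE and __WALL. Note that the parentheses already around 'current->uid = 0' are exactly what silences gcc's -Wparentheses, so -Wall alone would not have flagged this line.

```c
#include <stdio.h>

/* Stand-ins for the kernel context (constructed for this example; the real
   code operates on task_struct and the wait4 option bits). The two flag
   values are Linux's __WCLONE and __WALL, guarded in case a header defines them. */
#ifndef __WCLONE
#define __WCLONE 0x80000000
#endif
#ifndef __WALL
#define __WALL   0x40000000
#endif

struct task_stub {
    unsigned int uid;
};

/* The condition as inserted into the CVS tree in 2003 (quoted in the summary
   above). `current->uid = 0` is an assignment; its value is the assigned 0, so
   the && is always false: the "reject" branch is never taken and, as a side
   effect, the caller's uid has just been set to root (uid 0). */
int wait4_options_check_backdoored(struct task_stub *current, unsigned int options)
{
    if ((options == (__WCLONE|__WALL)) && (current->uid = 0))
        return -1;          /* looks like an -EINVAL path; never reached */
    return 0;
}

/* The same line with the comparison a casual reader assumes is there. The
   constant is on the left, so a dropped '=' would be a compile error
   ("0 = current->uid") instead of a silent assignment. */
int wait4_options_check_as_read(const struct task_stub *current, unsigned int options)
{
    if ((options == (__WCLONE|__WALL)) && (0 == current->uid))
        return -1;
    return 0;
}

/* Returns 1 if the backdoored check elevates an unprivileged caller that
   passes the "invalid" option combination, 0 otherwise. */
int backdoor_elevates_caller(void)
{
    struct task_stub t = { 1000 };   /* constructed: an ordinary user */
    int rc = wait4_options_check_backdoored(&t, __WCLONE|__WALL);
    return rc == 0 && t.uid == 0;    /* call "succeeded" and uid is now root */
}

/* Returns 1 if the comparison form leaves the caller's uid untouched. */
int comparison_leaves_uid_alone(void)
{
    struct task_stub t = { 1000 };
    int rc = wait4_options_check_as_read(&t, __WCLONE|__WALL);
    return rc == 0 && t.uid == 1000;
}

int main(void)
{
    printf("backdoored form elevates caller: %d\n", backdoor_elevates_caller());
    printf("comparison form leaves uid alone: %d\n", comparison_leaves_uid_alone());
    return 0;
}
```

Compile with gcc -Wall and note that no warning is printed for the backdoored function: the assignment is parenthesised, which is the documented way to tell -Wparentheses the assignment is intentional.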
Unless somebody has proof that somebody was trying to create a back door then stop with all of the "X-Files" shit. It could have been a hacker trying to put that code in. How was the system that hosted the CVS repository managed? Was it hacked? Was there any investigation or was it possibly somebody that did something stupid and now everybody thinks it's somehow tied to the NSA?!?!?
Let's just go forward with what we know and stop the speculation, that is unless somebody has some hard facts like an IP address that belongs to the government or a chain of evidence.
Harrison's Postulate - "For every action there is an equal and opposite criticism"
while( var = Backdoor() )
{
fluff goes here
}
else
{
just give em selinux
}
"Felten! Felten! Oh Jesus CHRIST, FELTEN!"
This has been posted plenty of times on here, and this article has no new information on the backdoor attempt. About the only thing is the spurious claim the NSA was behind it. Geez.
If your language returns a boolean from assignment, then it sucks and invites this sort of thing.
if (a = b) ... should always be an error.
I should use this sig to advertise my book ISBN-13 : 978-1501515132.
Each of us has between 10 and 10,000 different code lineages in operation on our desktop.
A single = in an if statement should end in a warning and should be considered an error in production code. There should be a compiler --switch for this.
It's why placing constants on the left of the equality operator is a good idea in C/C++. The whole line then looks suspicious because its constants are on the right, and the first thing you'll think about is bugs involving operator = instead of operator ==. Unfortunately there's a lot of old code that doesn't do this, but it's easy enough for a compiler to issue warnings about operator = in if-statements.
Who ordered that?
Article overlooks the other big backdoor which was installed in 2003: SELinux.
I still have no idea why my kernel would need an internal firewall, but I do know why the NSA would want to install one in mine and everyone else's. Exactly how many more NSA scandals do we require before this "feature" is rolled back?
May the Maths Be with you!
The difference between linux and closed source OSs is that on linux you may be able to identify malicious code in the kernel and remedy this situation. For closed source solutions you're truly fucked through and through. You seriously think Microsoft and Apple haven't backdoored their OS? Just one more reason to stop using closed source software if you value your privacy, your secrets etc...
I am impressed that the kernel team caught that. Kudos!
Signed,
Spartacus
https://app.box.com/WitthoftResume Code: https://github.com/cellocgw
I'm not familiar with how Linux coding goes but how does code show up that nobody knows who wrote it? There's no IP tracking or user accounts or logins or an e-mail account or anything? People can just throw nonsense out there anonymously and maybe it'll get included? Or did they bypass the normal submission means and somehow just sneak it into an about to be built code block?
Slashdot has sucked for ELEVEN YEARS.
http://lkml.indiana.edu/hypermail/linux/kernel/0210.1/1978.html
a lot of hot air, slashdot fodder and a troll
10 years ago...this isn't new news. It could have been Larry McVoy himself, for all we know, he had motivation to see CVS die a painful death, no?
I guess compilers are already smart enough to warn about this kind of accident, but sometimes I still wonder if it would have been better to have := for assignment and = for comparison also in C.
-Wno-parentheses switch added to the "EXTRA_CFLAGS" in the makefile
...what can be adequately explained by stupidity.
Python does this at all times. The assignment operator is just plain invalid within an "if" conditional.
Most compilers do make this at least a warning. It isn't an error because it's a moderately common C-ism to do this in order to assign and check the return value of a function in 1 statement. Particularly if the value is a standard 0 on error or NULL on error return.
I still have more fans than freaks. WTF is wrong with you people?
I hope the Linux team, which has the security of billions of people in their hands, uses far better security than Felton's article implies. (And for all I know it is.)
The excerpt above suggests that someone happened to notice a change that wasn't pointing to an approval record. What if nobody happened to notice? What if the attacker also created an approval record? And was there a serious effort to find the exploit used and close it, and find the perpetrator?
I hope the Linux kernel's integrity is monitored much more carefully. For example (and I'm just guessing; I don't know much about the Linux kernel), someone could manually validate that every change to the code's fingerprint (and/or the compiled kernel's fingerprint) is legitimate. At ~200 changes/day, one person could do it -- a small investment for something so critical.
The widespread use of Linux makes it an exceptionally valuable target. People will spend a lot of time and money attacking it. Its security needs to be proportional to the threats.
No, it shouldn't.
http://linux.slashdot.org/story/03/11/06/058249/linux-kernel-back-door-hack-attempt-discovered
Doesn't GCC warn for this by default? I'm pretty sure I remember getting compiler warnings from it in cases when I deliberately had an assignment operator in an if conditional.
It's FOIA time!
I always use '-Wall -pedantic' for gcc, and if my code is producing any warnings, I always fix them all.
If the kernel developers had been doing this, they would have seen a big fat warning. For those who still like to use this dubious idiom, putting double parentheses around the assignment makes the side effects more explicit to the reader and disables the warning.
look at this wrong opinion right here.
look at it.
Most of the article is about the backdoor, there is one line mentioning NSA that starts with could, it's one possible suspect among many others so stop getting all ultra-defensive.
You might want to look at your own reaction on this. Would you react the same way if it said "could it have been a Chinese attack?" Are you over-reacting because you want everything to be fair or because you're brainwashed by patriotism?
here No need to thank me.
This wouldn't have happened if they had written it in Basic.
Or perhaps it was the KGB? Or Nazis hiding out in South America?
OR PERHAPS..... ALIENS FROM OUTER SPACE!!!!
Well, since we're in the mood of publishing rubbish ideas with ZERO evidence I vote for aliens!
No, it shouldn't.
It likely should be an error if you're setting it to a constant. That's equivalent to forcing true or false in the if, with a side-effect of changing the value of a variable. I can only see a few very convoluted cases where that would make any sense, and there are far more readable ways to write them.
The old 'if (fp = fopen("foo", "r") )' makes sense, but there's no real reason to write it that way any more. It should at least be a warning.
99.99% of programmers don't need to use single = in a conditional, so add a compiler switch to disallow it as a syntax error instead of just a warning.
Given modern optimizing compilers designed hand-in-hand with chips, probably 99.99999%. Like 3 guys maybe.
(-1: Post disagrees with my already-settled worldview) is not a valid mod option.
various repos, such as cvs.openbsd.org were owned using the same bug a few months before that. all kinds of fun were had.
that is until one fucktard leaked the code to kiddies who had no idea of hacker ethics, that is to stay under the radar at all costs (or just troll theo, because his hacker ethics won't allow him to publicly admit he has been owned).
this eventually killed the cvs bug, and, together with the same sad fate of rsync bug, made the "trust no-one with your warez" rule set in stone.
My theory is Dave Miller is a spy.
He "claims" he didn't make the kernel change in 2003 but his name was on the changelog.
He is the primary networking maintainer (a perfect position to sneak in other backdoors)
He is part of the GCC steering committee (another place where backdoors and vulnerabilities would be useful)
He even looks a little shifty :-) http://en.wikipedia.org/wiki/David_S._Miller
"the Linux team was careful enough to notice that that this code was in the CVS repository" Do I win a prize for being careful enough to notice that that?
Yep, if no one has seen any aliens, you could assume that they don't exist. BUT, if you see even one alien, you could say that they are everywhere.
Simple math man, 2 = infinity.
All the criminal activity the NSA has done and continues to do has done nothing but made the entire hardware and software structure of the Internet vulnerable, paving a smooth, superhighway to everyone else in the world that wishes to either destroy modern society or simply steal money from the 99%.
The petard the NSA and Western World will be hoisted upon is one of their own making. (Cylons 1:15)
There's no such thing as 2
I use it all the time in code like:
if(( bytesWritten = write(sock, buf, bytesRemaining)) == ERROR) {
It's an OK way to deal with the fact that the BSD socket API is overly verbose and a pain to deal with. The last time I made a mistake accidentally doing = instead of == was a long, long time ago, though. So I'm not sure it's a real problem.
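For comparison, the assign-and-compare idiom from the comment above, written so that the assignment is unmistakably deliberate. This is an added example, not the commenter's code: the assignment sits in its own parentheses and is compared explicitly with -1 (ERROR is not a POSIX name, so it is not used here), and the loop also covers the short writes and EINTR interruptions that a bare write call can return. The pipe round-trip is constructed so the program runs offline.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Write all of buf, retrying on short writes and EINTR. Returns 0 on success,
   -1 on error. The assignment is wrapped in its own parentheses and compared
   against -1 explicitly, so both a reviewer and -Wparentheses see it as
   intentional rather than as a mistyped ==. */
int write_all(int fd, const char *buf, size_t len)
{
    size_t done = 0;
    while (done < len) {
        ssize_t n;
        if ((n = write(fd, buf + done, len - done)) == -1) {
            if (errno == EINTR)
                continue;          /* interrupted before writing: retry the chunk */
            return -1;             /* real error (EBADF, EPIPE, ...) */
        }
        done += (size_t)n;         /* short write: loop for the remainder */
    }
    return 0;
}

/* Self-check: push a constructed message through a pipe and read it back.
   Returns 1 if the bytes come back intact, 0 otherwise. */
int pipe_roundtrip_intact(void)
{
    const char msg[] = "constructed sample payload";   /* constructed, not from the thread */
    char out[sizeof msg];
    int fds[2];
    ssize_t got = 0, n;

    if (pipe(fds) == -1)
        return 0;
    if (write_all(fds[1], msg, sizeof msg) == -1) {
        close(fds[0]);
        close(fds[1]);
        return 0;
    }
    close(fds[1]);                 /* EOF for the reader once the buffer drains */
    while (got < (ssize_t)sizeof msg &&
           (n = read(fds[0], out + got, sizeof msg - (size_t)got)) > 0)
        got += n;
    close(fds[0]);
    return got == (ssize_t)sizeof msg && memcmp(msg, out, sizeof msg) == 0;
}

int main(void)
{
    printf("pipe round-trip intact: %d\n", pipe_roundtrip_intact());
    printf("write_all on a bad fd returns: %d\n", write_all(-1, "x", 1));
    return 0;
}
```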
"First they came for the slanderers and i said nothing."
Even if the code had been accepted and committed, it would have been some time before it would have started rolling out into systems. How many people do you know who consistently run the latest Linux kernel? The most popular distros are generally (at least) a few months behind on adopting the latest kernel, so even if this was committed next week it would have likely not shown up in widespread use until the middle of next year at the earliest.
And beyond that, the users that use Linux are likely far less interesting to the NSA than they like to tell themselves to be. Enemies of the state don't generally have an interest in running anything other than windows (which they often steal, so the cost is irrelevant).
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
Hi there!
If it was the NSA, it'd be hard to trace now. Especially as this is going back to 2003, prior to all this excitement. It doesn't matter. It didn't work, and the NSA is suspected of perpetrating more recent attacks at a different level in the chain.
But this example brings up a good point, which is how vulnerable C and C++ code is in general to obfuscation. It is a known security risk and attack vector, but programmers tend to gloss over it, mainly when they can't accept that they are just as capable of making mistakes as the next guy.
"If a nation expects to be ignorant and free in a state of civilization, it expects what never was and never will be."
here No need to thank me.
I wasn't going to.
Am I the only one who is REALLY afraid of aliens trying to backdoor my cornhole?
Geez, wasn't this when the SCO Lawsuits 'R Us started? They are more likely to have been at fault here than the NSA. More like a bunch of wannabe half-ass hacks attempting to write a way to plant code than some other wild-ass theory.
and it would have worked too, if it hadn't been for those meddling kids.
Well if it happened in 2003, then we know it cannot possibly be the NSA. After all, we have been told repeatedly by the mainstream media and by reputable unbiased sites such as our beloved slashdot that the government was 1000% righteous and benevolent from 2001-2008 and only became evil after we elected a socialist anarchist fascist liberal hippie far left islamist atheist democratic dictator to the white house. So clearly, the NSA in 2003 could not have been behind an attempt to insert malicious code into the Linux kernel; and if they somehow were then real Americans had nothing to fear about it anyways!
But of course, they weren't behind it! They couldn't have done it!
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
So if one were to grep the source code for "uid = 0" today, I assume that any instances found are legit?
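A grep for "uid = 0" only finds that one spelling. The check below, an added example and not from the thread, generalises it: a line-oriented scan over constructed sample lines that flags any lone '=' (not part of ==, !=, <= or >=) inside the parentheses of an if, skipping string and character literals so a '=' inside quotes does not count. It is a review heuristic, not a C parser; the fopen idiom is flagged on purpose, since a human should confirm it is intentional.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Return 1 if the line contains an `if (...)` whose condition holds a plain
   assignment (a '=' that is not part of ==, !=, <=, >=), else 0.
   Deliberately crude: a line-oriented heuristic, not a parser. */
int if_condition_has_assignment(const char *line)
{
    const char *p = strstr(line, "if");
    while (p) {
        /* require a standalone `if` token, not the middle of an identifier */
        int standalone = (p == line || !(isalnum((unsigned char)p[-1]) || p[-1] == '_'))
                      && !(isalnum((unsigned char)p[2]) || p[2] == '_');
        if (standalone) {
            const char *q = p + 2;
            while (*q == ' ' || *q == '\t')
                q++;
            if (*q == '(') {
                int depth = 0;
                for (; *q; q++) {
                    if (*q == '"' || *q == '\'') {            /* skip a literal */
                        char quote = *q++;
                        while (*q && *q != quote) {
                            if (*q == '\\' && q[1])
                                q++;                          /* escaped char */
                            q++;
                        }
                        if (!*q)
                            break;                            /* unterminated */
                        continue;                             /* for-loop q++ passes the closing quote */
                    }
                    if (*q == '(') {
                        depth++;
                    } else if (*q == ')') {
                        if (--depth == 0)
                            break;                            /* end of the condition */
                    } else if (*q == '=') {
                        if (q[1] == '=') { q++; continue; }   /* == */
                        if (strchr("!<>", q[-1]))
                            continue;                         /* !=, <=, >= */
                        return 1;                             /* lone '=' inside the if */
                    }
                }
            }
        }
        p = strstr(p + 1, "if");
    }
    return 0;
}

/* Constructed sample lines; the first is the 2003 wait4 line from the summary. */
static const char *SAMPLE_LINES[] = {
    "if ((options == (__WCLONE|__WALL)) && (current->uid = 0))",   /* flagged */
    "if ((options == (__WCLONE|__WALL)) && (current->uid == 0))",  /* clean */
    "if ((fp = fopen(\"foo\", \"r\")) == NULL)",                    /* flagged: deliberate idiom, verify by eye */
    "if (a <= b || c >= d || e != f)",                              /* clean */
    "if (strcmp(s, \"x = y\") == 0)",                                /* clean: '=' only inside a string */
    "difference = compute(); if (x == 1)",                          /* clean: "if" inside "difference" is ignored */
};
#define NUM_SAMPLES (sizeof SAMPLE_LINES / sizeof SAMPLE_LINES[0])

/* Count how many of the given lines are flagged. */
int count_flagged(const char **lines, size_t n)
{
    int hits = 0;
    for (size_t i = 0; i < n; i++)
        hits += if_condition_has_assignment(lines[i]);
    return hits;
}

int main(void)
{
    for (size_t i = 0; i < NUM_SAMPLES; i++)
        printf("%s  %s\n", if_condition_has_assignment(SAMPLE_LINES[i]) ? "FLAG " : "ok   ",
               SAMPLE_LINES[i]);
    printf("%d of %zu lines flagged\n", count_flagged(SAMPLE_LINES, NUM_SAMPLES), NUM_SAMPLES);
    return 0;
}
```

Run it over a tree with something like find . -name '*.c' piped through a small driver that reads lines, and expect a short list dominated by the fopen and write idioms; anything else deserves a look. Compound assignments such as += inside a condition are flagged too, which is the intended behaviour.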
Remember the NSA has worked to HARDEN linux, and even contributed the SElinux system.
A broken clock is right twice a day.
Unless you broke it by pulling the hands off.
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
99.99% of programmers don't need to use single = in a conditional, so add a compiler switch to disallow it as a syntax error instead of just a warning.
In gcc, you can do -Werror=parentheses if you want to make this an error rather than a warning.
(1)DOCOMEFROM!2~.2'~#1WHILE:1<-"'?.1$.2'~'"':1/.1$.2'~#0"$#65535'"$"'"'&.1$.2'~'#0$#65535'"$#0'~#32767$#1"
I just say "no thanks" to Git.
why do you need backdoors, when linus (and others) are putting backdoors in the kernel and other parts of linux and opensource?
to start, how about the mess of a random number generator for starts, that linus is actively defending that is proven insecure and faulty?
he could fix it in the time he has spent defending it. why linus? have you received any letters from various agencies that is stopping you?
how about the openssl mess.
why is red hat dragging its feet about updating the library leaving tls and other things broken for years on all related distros?
i am a super fan of open source and linux, but is exactly as a fan that i am outraged by the state of security and the way the leaders of the open source community is pretending there are no problems across the linux community.
i know, the flames will follow for such statements, and i might point out you are just making my point. flame me, but i ask that you spend 30 mins reviewing the state of some code in some opensource project (or at least try to review if you lack the skills).
too much trust is being put in too few hands in open source. as open source has gotten more popular, the code base has exploded across the open source landscape. who is auditing the security over all?
The main method of attack by NSA programmers who work in ALL the big open-source projects is to ensure poor coding methods are used, so that simply 'overflow' or memory management fails allow rogue code to be executed, pulling in the NSA payload onto the user's system.
The problem with a 'back-door' is that it is visible code with an obvious purpose, and can potentially be traced back to the teams responsible. Exploitable code flaws, on the other hand, can be ignored as the 'expected' variability of code quality. A 'back-door' is a clear construction. A code flaw is a 'consequence' of the range of expected quality of coding as described by a 'Bell curve', and thus has plausible deniability.
Code libraries are the BIGGEST problem. Take Windows. Do you REALLY think a multi-billion dollar company like Microsoft could not have fixed its string-overflow issues. But such 'faults' form 50%+ of all purposely created NSA vectors.
Linux relies on a bunch of libraries, each of which is KNOWN to be buggy as hell when more obscure data packets are processed (like JPG files with exotic formats). Linux tends to ONLY perfect the commonly used paths. No-one using or deploying Linux has much of a clue what happens if rarely used functions of libraries are used.
How can this be fixed? It can't. Anyone who codes on a big project knows that even getting the core stuff good is a royal pain. The idea that comprehensive test data will be crafted for functionality present but almost never required is a JOKE. If security is an issue, all big software projects (commercial or open-source) MUST be considered to be highly compromised, and other methods used to protect against intrusion.
The NSA is thousands of times worse than even most of you informed types realise. It has a yearly budget running beyond tens of billions purely on the R+D side alone (hardware has its own funding). The NSA expects EVERY major piece of software you use to be heavily compromised, so rogue datasets allow code injection. Owners of major software companies KNOW the NSA will have them set up for major jail time if they fail to co-operate. The USA is infinitely more ruthless than the Soviet Union ever was. And since co-operation does NOT usually mean 'back-doors', but the simple use of common libraries that the NSA has compromised, cooperation with the demands of the NSA causes few sleepless nights.
Slashdot pushes stories like this to make you look in the wrong direction. It is like when the mainstream media tells you that ONLY phones with GPS chips can be location tracked (a complete lie- it is a requirement under US law that ALL mobile phones have their locations continuously monitored by so-called cell-tower triangulation methods). Or when you are told your vehicles are exclusively tracked by cameras, when the vast majority of tracking is done by under-surface RFID readers reading the RFID chips that have been mandated for embedding in tires for years now. Or how the shills tell you to ignore the fact that Bill Gates personally oversees the NSA Xbox One Kinect spy project, the Common Core atrocity in US schools, and the inBloom full surveillance database of every child in the USA that he co-created with Fox News' owner, Rupert Murdoch (awww- all you thick sheeple thought Gates and Murdoch were on opposite sides- how cute).
That must be wrong, Pascal does that!
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
More like a PR job for PC safety courtesy of the NSA. One story says Linus jokes about a backdoor, another says- no chance, we spotted the code, carry on thinking you're safe from hackers or the government with open source. Truth is the likelihood of a backdoor in the linux kernel is very high, in MS it's a sure thing. Competitions of hidden malicious code surely won't inspire a whole generation of 15 year old spotty teenagers to learn this stuff, way quicker than those of us a bit older... ;)
You're making two false assumptions. The minor one is the latter, that enemies of the state generally all run windows. That's just a silly assumption. But even if that were true, the larger false assumption is more subtle: that the NSA is only interested in what "enemies of the state" are doing. The NSA is demonstrably interested in what everyone is doing. Maybe it's just data gathering in case John Q Citizen turns out at some future time to be an "enemy of the state". Maybe it's an arbitrariness in just what constitutes an "enemy of the state". After all, if the NSA is acting in (what they consider to be) the state's interests, then isn't an enemy of NSA also an enemy of the state? And we can see where that road leads...
Whereas your view, "if it could be someone else, then it can't be the NSA", is no better.
Oh, and before you whine like a bitch "Where did I say it can't be the NSA?", where did they say it must be the NSA?
I transpose '=' for '==' not infrequently.
Mind you, it's not because I'm incompetent, but because it's all part of my plan to root the world.
This sig is not paradoxical or ironic.
I'm surprised that no one mentioned the Underhanded C Contest
http://underhanded.xcott.com/
Quoting their web site:
"The goal of the contest is to write code that is as readable, clear, innocent and straightforward as possible, and yet it must fail to perform at its apparent function. To be more specific, it should do something subtly evil. "
Anonymous Coward did it.
I remembered this incident when it occurred. Last month I spent an hour searching the Internet for any trace of it and came up empty. At the time I was taking an IT security course and I wanted to share the details of the incident with my classmates. Given recent events within the IT security community, this story seemed very relevant. I couldn't find anything at all so I eventually gave up.
Thank you for bringing this incident back to light.
"Have you stopped beating your wife YET ?
Then it WAS Bush's fault!
My bad, I was just trying to contribute to the linux code base securely.
. . . getting back at the C-language community for the lame use of "=" as an assignment operator and allowing explicit state changes (assignments -- you still have function evaluation side effect to worry about) within condition tests.
It was you? Wasn't it?
So that everyone would stop using CVS.
Please correct the main post - you've got Ed Felten's name misspelled twice. See the cited blog post (https://freedom-to-tinker.com/blog/felten/the-linux-backdoor-attempt-of-2003/), and Wikipedia's article on him (http://en.wikipedia.org/wiki/Ed_Felten). Apparently this misspelling happens often enough that Wikipedia redirects silently.
Thanks, folks.
tell it again
Yes. Government(s). That's what we're saying.
I've fallen off your lawn, and I can't get up.
I did it when I was there to pick up my prescriptions....... Get it???...
Wah Wah Wah Waaaaaaaah.
Yes. The rest of us wish they would just so you'd shut up about it.
j/k
It contains informative links that aren't in TFA. Well done.
Knowledge is power; knowledge shared is power lost.
*sigh*
"And beyond that, the users that use Linux are likely far less interesting to the NSA...."
While Linux users are not particularly interesting to anyone (except an advertiser or demographer, e.g.), having a back door giving root would be handy should an individual end-user become a person of interest.
The attractive targets are servers, or more specifically machines used to run various networks, I should think. I doubt that a worthy enemy of the state would be conducting his core affairs on a machine connected to the 'Net; I would imagine that any machine under his control connected to the Internet would be part of the execution of some ploy and therefore backstopped and made anonymous (by cutouts and such) to a fare-thee-well.
https://www.youtube.com/watch?v=a43kowi2ncI
And beyond that, the users that use Linux are likely far less interesting to the NSA than they like to tell themselves to be.
Every large financial institution in the country uses Linux on their servers.
Linux on the desktop? Mostly geeks. Linux on servers? Everywhere you look! Of course, that's also where the fun data that the NSA cares about also happens to be, on the servers...
How crappy was Bitlocker that people preferred to CVS instead?
Or, is it like choosing MS's laughable 'team' tools over Git or hg? There are always a few dumb-asses that do this.
And this comment amused me:
Linus isn't just a good C programmer. After half a decade of watching him catch stuff like this in just his public LKML messages, I'm convinced he would have seen this if he were reading braille hardcopy of it from across the room while drunk.