backdoor in kernel source


deathadder
11-10-2003, 07:58 AM
While looking at theregister.co.uk I found this and thought people here might find it interesting.

backdoor in kernel (http://theregister.co.uk/content/55/33855.html)

Syngin
11-10-2003, 01:18 PM
Interesting article. Thanks DA.

Satanic Atheist
11-10-2003, 01:44 PM
I came across that. Thank God for open-source. If that had been in a Microsoft kernel then it may not have been discovered before being released.

I'm just curious as to who would have access to the code, enough experience of the kernel to insert a line like that and why?

James

Icarus
11-10-2003, 02:34 PM
As the article states (might have been another one I read, didn't bother reading this link ;)) that whoever inserted this code was not authorized (cracked the CVS server) and...well, I read this article and it is the same one:

"The backdoor was a two-line addition to a development copy of the Linux kernel's source code, carefully crafted to look like a harmless error-checking feature added to the wait4() system call - a function that's available to any program running on the computer, and which, roughly, tells the operating system to pause execution of that program until another program has finished its work."

So if it wasn't for

"a routine file integrity check told McVoy that someone had manually changed a copy of a kernel source code file that's normally only modified by an automated process"

this 'tainted code' would not have been found at all, after all it was the change of a single character.

Satanic Atheist
11-11-2003, 04:14 AM
Yeah, an extra "=" sign which some of the code-hacks might understand...

It was very clever, but I'm still not convinced about the "cracking the CVS server" bit... The person who did this seems to have a lot of the system to get in, do it so subtly and get back out. Something just doesn't add up... Maybe I'm just cynical.

James

dboyer
11-11-2003, 04:37 AM
Yeah, an extra "=" sign which some of the code-hacks might understand...

don't you mean a missing "=" sign? ;)

Satanic Atheist
11-11-2003, 07:37 AM
I may have misread the article, but I took it to be "==" instead of "=" which have different functions in program code.

James

hard candy
11-11-2003, 08:08 AM
I confess, I put it in there. I have a part time job as a janitor in the server hosting company. I didn't mean to - I sat on the keyboard and messed up some code so I tried to make it right. I guess I hit one key too many times. I'm not a hacker, just a part time janitor (I do like playing the Xbox though). :o
"It sure does. Note "current->uid = 0", not "current->uid == 0".
Good eyes, I missed that. This function is sys_wait4() so by passing in __WCLONE|__WALL you are root. How nice."

Satanic Atheist
11-11-2003, 08:34 AM
Hmmm, I've always suspected that you were one of Bill's lackeys...

Don't worry HC - the Blackhawks are already on their way. Life will go on (except for you, that is).

Thanks for the confession. See you at the execution!

James
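
The "=" versus "==" difference discussed in this thread, as an added example that is not part of the original posts or of the kernel source: a userspace model of the tampered check next to the comparison it imitated. The `struct task`, the `K_WCLONE`/`K_WALL` names (standing in for `__WCLONE` and `__WALL`), the `-EINVAL` error path and the sample uid 1000 are assumptions made for the illustration.

```c
#include <errno.h>
#include <stdio.h>

/* Stand-ins for __WCLONE and __WALL (values as in Linux's wait flags). */
#define K_WCLONE 0x80000000u
#define K_WALL   0x40000000u

/* Hypothetical userspace model of the kernel's per-process credentials. */
struct task { unsigned int uid; };

/* Tampered form: "=" stores 0 (root) in uid. The assignment evaluates to 0,
 * which is false, so the error path is never taken and the call returns
 * normally. The parentheses around the assignment also keep GCC's
 * -Wparentheses warning quiet. */
static int check_tampered(struct task *current, unsigned int options)
{
    int retval = 0;
    if ((options == (K_WCLONE | K_WALL)) && (current->uid = 0))
        retval = -EINVAL;
    return retval;
}

/* What the line appeared to be: a comparison that never modifies uid. */
static int check_comparison(struct task *current, unsigned int options)
{
    int retval = 0;
    if ((options == (K_WCLONE | K_WALL)) && (current->uid == 0))
        retval = -EINVAL;
    return retval;
}

/* Run one variant on a fresh unprivileged task; return the uid left behind. */
static unsigned int uid_after(int (*check)(struct task *, unsigned int),
                              unsigned int options, int *retval)
{
    struct task t = { .uid = 1000 };   /* constructed sample uid */
    *retval = check(&t, options);
    return t.uid;
}

int main(void)
{
    int rv;
    unsigned int uid = uid_after(check_tampered, K_WCLONE | K_WALL, &rv);
    printf("tampered:   uid=%u retval=%d\n", uid, rv);
    uid = uid_after(check_comparison, K_WCLONE | K_WALL, &rv);
    printf("comparison: uid=%u retval=%d\n", uid, rv);
    return 0;
}
```

Because `&&` short-circuits, the assignment only runs for the exact flag pair, so ordinary callers never exercise it; a review or lint rule that rejects any assignment inside a conditional flags the tampered line directly.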