Kernel 2.6 *almost* trojaned

Mike Kallies mgjk-cpI+UMyWUv9BDgjK7y7TUQ at public.gmane.org
Fri Nov 7 16:28:43 UTC 2003 

Jason Slaughter wrote:
>>One thing that occurred to me, thinking about Eric's adage, there are
>>really *no* eyes on the Windows "kernel" (or whatever you call it). How
>>many unknown/deliberate backdoors could be in *there*?
> 
> Well this particular hack was detected by automated software, not a pair of 
> human eyes, so if it were in closed source, and they were using the same 
> software, it would have been caught there too. 

Actually, from the article, it appears that it was only a public CVS 
tree which was trojaned.  A closed-source project would not have a 
public CVS tree.

> I tend to agree with the "ManyMany eyes make all bugs shallow" statement, but 
> this recent incident is not an example it in action.

There are plenty of eyes on closed software, and no doubt they'll be 
greatly rewarded for discovering such back doors, or severely punished 
by the full legal hand of the corporation for inserting such back doors.

Many eyes make all bugs shallow, but, IMHO, very few eyes are capable of 
discovering the back doors, and fewer are looking.

I do think the motivations in free software for finding bugs is greater. 
  Cash isn't as powerful as every kid with a computer learning Kernel 
stuff trying their damnedest to find a cool bug for the kudos which 
would be lavished upon them by what ESR describes as a gift culture.

A more interesting test would be if somebody sent in a patch which 
actually fixed one thing or introduced a new feature, but in the process 
created a subtle back door, like an intentionally placed unchecked 
buffer tucked into a race condition, low memory situation or an 
off-by-one counter.

Admittedly the kind of bad coding which leads to the above kinds of 
security problems quickly raise the hair on the backs of experienced 
programmers, and the small-guy code contributed to the kernel is, from 
what I've read, pretty heavily scrutinized, so the odds of something 
like that getting through are probably close to zero.  But an 
experienced programmer would know what types of things would stand a 
chance to slip through the cracks.


-Mike

--
The Toronto Linux Users Group.      Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml

More information about the Legacy mailing list