topic Re: Linux 2.6 Kernel Backdoor Attempt Thwarted in Operating System - Linux

Linux 2.6 Kernel Backdoor Attempt Thwarted

Dave Falloon — Mon, 17 Nov 2003 12:43:26 GMT

This is an FYI for anyone that does not read securityfocus.com:

An attempt was made by some unscrupulous character to add a code submission to the kernel source that would allow anyone to gain root access using a combination of flags in the wait4() call.

Heres the link to the full story:

http://www.securityfocus.com/news/7388

Just thought you guys might want to take a look maybe to give you an idea of the next generation of exploits to hit this industry.

Dave

Re: Linux 2.6 Kernel Backdoor Attempt Thwarted

Huc_1 — Mon, 17 Nov 2003 13:05:19 GMT

thank, Dave

for the "for your info" and a good link !

That should keep-us on or toes !

J-P (0 points for this of course)

Re: Linux 2.6 Kernel Backdoor Attempt Thwarted

Jerome Henry — Mon, 17 Nov 2003 15:31:17 GMT

Tks Dave too !

Funny thing is that on irc channels this flaw was discribed as far less elegant as any KLM rootkit, as it was so visible that any kernel guru or any linuxw kid would see it on first release... rootkits still have happy days !

J

Re: Linux 2.6 Kernel Backdoor Attempt Thwarted

Ragu_1 — Mon, 17 Nov 2003 18:41:29 GMT

The community of free software users' were quick to identify this security breach due to the unfettered access to the source tree. Can anyone guess-estimate the number of backdoors `embedded' in `non-free' software ? Security breaches happen and the free software community did not shy away from full disclosure of `incidents' and saying a big `no' to secrecy. The next line of security breach would be the total erosion of `individual privacy'! Computer security is a process where one learns and becomes better by correcting mistakes with full disclosure and thru the massive amount of collaboration thru the medium of the Internet to find `fixes'.

Re: Linux 2.6 Kernel Backdoor Attempt Thwarted

Dave Falloon — Tue, 18 Nov 2003 00:22:16 GMT

I think the thing that stuck out in my head about this attempt though was its subtle nature. Using what looks like a typo to make a root exploit using a combination of little known flags is pretty cunning. Its almost too bad this person has given in to the dark side. They could probably make some very nice contributions to OSS instead of just being a code thug.

I agree Ragu, open peer review by as many people as possible will keep these flaws from being the door for the next blaster or klez or whatever its going to be. Another thing that helps is public places to voice concerns.

Dave

Re: Linux 2.6 Kernel Backdoor Attempt Thwarted

dirk dierickx — Tue, 18 Nov 2003 02:06:57 GMT

This backdoor code was found before it could do any damage. and never got into the main stream kernel.

the checks seem to be doing their job, that made this into a non event.