Re: Wiretapping Linux?

From: Chase Venters
Date: Tue May 16 2006 - 16:48:34 EST

On Tue, 16 May 2006, Måns Rullgård wrote:

Chase Venters <chase.venters@xxxxxxxxxxxx> writes:

The thing is that there is enough peer review in the open source world
that not only would it be *difficult* to slip in some intentionally
malicious code (and I don't think any malicious code of much potential
would be likely to make it past LKML, especially if it doesn't closely
adhere to CodingStyle :P) but it would not be long before someone
noticed it.

Some details on a real attempt:

Wow. Did anyone ever find out who edited CVS, and how they did it? (I assume David Miller didn't have anything to do with it :P)

Yeah, so to wrap this malware conversation up -- the most effective way to implant malicious code in Linux is to crack into developer machines and sneak the changes in.

And hope that someone doesn't notice.

The original poster speaks of spyware - I think spyware would end up being a few lines more than a fake current->uid test(set). So it's not proper to say malicious code couldn't be inserted into Linux; rather, it's just not very likely to get anything very complicated in there. The bigger the elephant, the harder it is to dress it up as an elf.