Re: Wiretapping Linux?

From: Chase Venters
Date: Tue May 16 2006 - 16:48:34 EST


On Tue, 16 May 2006, Måns Rullgård wrote:

> Chase Venters <chase.venters@xxxxxxxxxxxx> writes:
>
>> The thing is that there is enough peer review in the open source world
>> that not only would it be *difficult* to slip in some intentionally
>> malicious code (and I don't think any malicious code of much potential
>> would be likely to make it past LKML, especially if it doesn't closely
>> adhere to CodingStyle :P) but it would not be long before someone
>> noticed it.
>
> Some details on a real attempt: http://kerneltrap.org/node/1584


Wow. Did anyone ever find out who edited CVS, and how they did it? (I assume David Miller didn't have anything to do with it :P)

Yeah, so to wrap this malware conversation up -- the most effective way to implant malicious code in Linux is to crack into developer machines and sneak the changes in.

And hope that someone doesn't notice.

The original poster speaks of spyware - I think spyware would end up being a few lines more than a fake current->uid test(set). So it's not proper to say malicious code couldn't be inserted into Linux; rather, it's just not very likely to get anything very complicated in there. The bigger the elephant, the harder it is to dress it up as an elf.

Thanks,
Chase