[svlug] kernel.org breach, four years later
shaeffer at neuralscape.com
Thu Nov 19 19:19:18 PST 2015
On Thu, Nov 19, 2015 at 05:53:22PM -0800, Rick Moen wrote:
> Posting with permission. (Publication date of tomorrow is because
> the author's in Australia. Views expressed are the author's, except
> where he quotes yr. humble servant.)
> How were Linux kernel servers rooted four years ago?
> by Sam Varghese
> 20 November 2015
> On August 28, 2011, the servers of the Linux kernel project were
> breached, a fact that was discovered only 17 days later. News of
> this leaked out in September and it became known that the intrusion had
> been effected by stealing some user's credentials. But how this
> intrusion was elevated to root status was never revealed. Indeed, four
> years and three months later, we still don't know.
> The kernel project came under some fire in the Washington Post
> recently for the security of its code. It looks like the same
> mentality prevails among those who are responsible for keeping it safe
> from crackers.
Yes, very interesting and all true! I remember it well. One interesting detail
is that the kernel source code itself was not cracked. The source code
distribution system was compromized as you aptly document. Linus Torvalds holds
the gold copy of the kernel source code tree, and he keeps it air-gapped. And
he uses git hash codes to verify the integrity of the source code against his
golden copy. (Which may be how they eventually discovered the source code
distribution system was compromized. heheh...)
Bottom line, folks were downloading distributed kernel software from a
compromised server for 17 days. Ouch!
Adapt and thrive,
Karen Shaeffer Be aware: If you see an obstacle in your path,
Neuralscape Services that obstacle is your path. Zen proverb
More information about the svlug