7 November 2003 Open source developers have foiled an attempt by an unknown attacker to inject a Trojan horse feature into the kernel of Linux, the open source operating system.
The attempted hack occurred when the attacker successfully broke into the public database containing the latest beta version and made a small modification to the code. The public database is used by open source developers to download the latest development code.
If the change had passed unnoticed, it would have elevated all users of the subsequently compiled operating system into ‘super users’, meaning that anyone logged on could take control of the server on which the operating system is running.
That would have enabled, for example, the attacker to easily take full control of a web server running Apache on that version of Linux.
However, the change was spotted within 24 hours by BitKeeper, one of the security applications that Linux creator Linus Torvalds has deployed to ensure the integrity of the Linux kernel.
BitKeeper was able to pick up the subtle change because it runs a number of security checks every time a copy of the Linux kernel is downloaded from the database. The public database was then shut down and the change was found within five minutes, said BitKeeper developer Larry McVoy.
While the integrity of Linux was not threatened by the incident, it will add weight to proposals to have every change introduced to the kernel digitally signed, so that such anonymous amendments are no longer possible.