[OT] Hackers break into Linux kernel home

Gilles Gravier ggravier at fsfe.org
Fri Sep 2 15:29:26 UTC 2011


Hi!

On 02/09/2011 16:59, Amedee Van Gasse wrote:
> On Fri, September 2, 2011 10:40, Gilles Gravier wrote:
>> They stole source code so that they could search inside it for
>> vulnerabilities.
>>
>> Oh wait... No. Linux is open source. No point in STEALING the code, it's
>> there available for freeeeeeeeeeeeeee! :)
>>
>> Seriously, nobody publicly knows yet. I suspect they need to do a full
>> audit of the systems affected.
>>
>> Several scenarii are possible though:
> The plural of the Italian word scenario is scenari, making “scenarii”
> etymologically inconsistent.
Wiktionary agrees, letter for letter, with your definition. Thanks,
though, for reminding me.
>> 1) They are dumb and stole source code (see jest above)
> No comment :)
>
>> 2) They are smarter and compromised the code (hopefully a comparison
>> with a backup, followed by a restore will fix)
> Git prevents that. Thousands of people have an exact copy of the Linux
> kernel, and if even one bit was changed after a commit, then this would be
> noticed in a jiffy.
That's good news.
>> 3) They are even smarter, and didn't touch the code, but planted trojans
>> in the machines so that they can come back at a later date and mess up
>> with the code when nobody is thinking about this incident anymore
> As I understand it, the people from kernel.org are busy rebuilding all
> machines from scratch (not only the compromised ones) and patching the
> hole that caused the security issue.
Once they find the (yet unidentified) hole...
>>> What does it mean? Is Ubuntu also affected?
> No. Your current Ubuntu installation is not affected, and the problem was
> discovered before a new version of Ubuntu was released.
And hopefully will be fixed before next kernel updates.
>> How to prevent being attacked?
> That's an entirely different question. Not running any public facing
> services that you don't really need, would be the best place to start.
How to prevent YOU being attacked? Or Kernel.org being attacked?

2 different questions.

1) Kernel.org : fix kernel bugs that were allegedly used to break into
their machines.
2) You... wait for the kernel patches and apply them when they come out.
And follow Amedee's advice... stop any service you aren't using. I'll
add: put your machine behind a firewall with only ports open towards
actually active services and proper port forwarding in place.

Gilles
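
The point made in the thread about Git noticing a changed bit, as an added example that is not part of the original message: a Python sketch of Git's SHA-1 object ids showing that a one-bit change in one commit alters that commit's id and the id of every commit after it. The file contents, identity string and helper names are constructed for illustration.

```python
import hashlib

def git_object_id(kind, body):
    """SHA-1 over '<type> <size>\\0' + body, the id Git's SHA-1 object format assigns."""
    return hashlib.sha1(f"{kind} {len(body)}".encode() + b"\x00" + body).digest()

def tree_id(files):
    """Flat tree: entries '<mode> <name>\\0<20-byte blob id>', sorted by name."""
    body = b"".join(b"100644 " + name.encode() + b"\x00" + git_object_id("blob", data)
                    for name, data in sorted(files.items()))
    return git_object_id("tree", body)

def commit_id(tree, parents, message):
    """A commit names its tree and its parent commits by hex id."""
    ident = "Example Dev <dev@example.org> 1314976166 +0000"  # constructed identity
    lines = [f"tree {tree.hex()}"] + [f"parent {p.hex()}" for p in parents]
    lines += [f"author {ident}", f"committer {ident}", "", message, ""]
    return git_object_id("commit", "\n".join(lines).encode())

def history_ids(snapshots):
    """Hex commit ids for a linear history; each commit points at its predecessor."""
    ids, parents = [], []
    for n, files in enumerate(snapshots):
        cid = commit_id(tree_id(files), parents, f"commit {n}")
        ids.append(cid.hex())
        parents = [cid]
    return ids

def tamper(snapshots, index, name):
    """Copy of the history with one bit flipped in one file of one commit."""
    out = [dict(s) for s in snapshots]
    data = out[index][name]
    out[index][name] = bytes([data[0] ^ 1]) + data[1:]
    return out

def first_divergence(a, b):
    """Index of the first commit whose id differs between two copies, or None."""
    return next((i for i, (x, y) in enumerate(zip(a, b)) if x != y), None)

# Constructed sample history (not kernel data): three commits, two files.
MAIN = b"int main(void) { return 0; }\n"
CLEAN = [{"main.c": MAIN},
         {"main.c": MAIN, "README": b"demo\n"},
         {"main.c": MAIN, "README": b"demo v2\n"}]

if __name__ == "__main__":
    mine = history_ids(CLEAN)
    theirs = history_ids(tamper(CLEAN, 1, "main.c"))
    for i, (a, b) in enumerate(zip(mine, theirs)):
        print(i, a[:12], b[:12], "ok" if a == b else "MISMATCH")
    print("history diverges at commit", first_divergence(mine, theirs))
```

The last commit's files are untouched in the tampered copy, yet its id still changes because it names the altered commit as its parent. The comparison only detects anything when one side is an independent copy that was not modified.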




More information about the ubuntu-users mailing list