linux
Linux kernel backdoor insertion attempt via CVS
An attacker attempted to insert a subtle backdoor into the Linux kernel source (kernel/exit.c) via the BitKeeper/CVS system. The change was a two-line modification to the sys_wait4 function. If wait4() was called with a specific option combination (options == (__WCLONE|__WALL)), an additional check (`current->uid = 0`) would execute. Because that check is an assignment rather than a comparison, it would set the calling process's UID to 0, granting root privileges. The attempt was detected and reverted before inclusion in any release.
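The assignment-versus-comparison pattern described above, as an added user-space C model (not the kernel source and not the inserted patch itself). `struct task`, the function names and the `-EINVAL` return are assumptions of the model; the option values are those of Linux's `__WCLONE` and `__WALL`.

```c
#include <errno.h>
#include <stdio.h>

/* Option bits with the values Linux uses for __WCLONE and __WALL. */
#define WCLONE_FLAG 0x80000000u
#define WALL_FLAG   0x40000000u

/* Hypothetical stand-in for the kernel's per-process structure. */
struct task { unsigned int uid; };

/* Shape of the tampered condition: "=" stores 0 (root) in uid. The stored
 * value is 0, so the && is false and the error path (assumed here to be
 * -EINVAL) never runs: the caller sees no visible effect. */
int check_tampered(struct task *current, unsigned int options)
{
    int retval = 0;
    if ((options == (WCLONE_FLAG | WALL_FLAG)) && (current->uid = 0))
        retval = -EINVAL;
    return retval;
}

/* What the line appears to be at a glance: a read-only comparison. */
int check_comparison(const struct task *current, unsigned int options)
{
    int retval = 0;
    if ((options == (WCLONE_FLAG | WALL_FLAG)) && (current->uid == 0))
        retval = -EINVAL;
    return retval;
}

/* Review aid: returns 1 if running the tampered check changed the uid. */
int tampered_mutates_uid(unsigned int uid, unsigned int options)
{
    struct task t = { uid };
    check_tampered(&t, options);
    return t.uid != uid;
}

int main(void)
{
    unsigned int magic = WCLONE_FLAG | WALL_FLAG;
    struct task t = { 1000 };   /* constructed unprivileged uid */
    printf("comparison: ret=%d uid=%u\n", check_comparison(&t, magic), t.uid);
    printf("tampered:   ret=%d ", check_tampered(&t, magic));
    printf("uid=%u\n", t.uid);
    printf("mutates with other options: %d\n", tampered_mutates_uid(1000, WALL_FLAG));
    return 0;
}
```

Taking the credential through a `const` pointer, as `check_comparison` does, makes the assignment form a compile error. GCC's `-Wparentheses` warns about an assignment used as a truth value only when it is not wrapped in its own parentheses, so the parenthesized form compiles without a warning.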
- Date
- 2003-11-05
- Category
- Open Source
- Target Surface
- Revision control
- Insertion Phase
- source
- Impact
- Benign
- Cause
- Compromised Infrastructure
What Was Affected
Package
linux
Language
C
Component
OS
Artifact type
revision control system
Domain type
code host
Domain
bkbits.net
Incident Context
- Motive
- Espionage/Strategic Advantage
- Attribution
- Nation-state
- Transitive
- No
- Observed Duration
- 0 days
Evidence
Compromised Artifacts
Current Artifacts and Analysis
Indicators and Changes
Commits
1.1211.121.1191.118
External References
Source Data
Source record: oss/linux/meta.yaml