Attempted attack on Linux kernel foiled
Security features of the source-code repository, known as BitKeeper, detected the illicit change within 24 hours, and the public database was shut down, a key developer said Thursday. The public database was used only to provide the latest beta, or test version, of the Linux kernel to users of the Concurrent Versions System (CVS), a program designed to manage source code.
The changes, which would have introduced a security flaw to the kernel, never became a part of the Linux code and, thus, were never a threat, said Larry McVoy, founder of software company BitMover and primary architect of the source code database BitKeeper.
"This never got close to the development tree," he said. "BitKeeper is really paranoid about integrity, and it turns out that was key to finding this Trojan horse."
Linus Torvalds, the original creator of Linux and the lead developer of the kernel, uses BitKeeper to keep track of changes in the core software for the operating system. On a daily basis, the software exports those changes to public and private databases other developers use.
[ Read more ]
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.