tech-security: Re: attempt to plant a back door in the Linux kernel

Subject: Re: attempt to plant a back door in the Linux kernel
To: Jason Thorpe <thorpej@wasabisystems.com>
From: David Maxwell <david@crlf.net>
List: tech-security
Date: 11/08/2003 17:45:21

On Sat, Nov 08, 2003 at 09:51:00AM -0800, Jason Thorpe wrote:
> 
> On Nov 7, 2003, at 10:41 AM, Steven M. Bellovin wrote:
> 
> >The MSNBC story ( http://www.msnbc.com/news/990343.asp?0si=- )
> >noted that there was a security problem in CVS.
> 
> Err, I thought it was the BK server that was compromised?

Every commentary I have read says that it was the Public CVS export
server. Apparently, it gets a copy of the BitKeeper sources, using a
utility called BitMover.

It sounds like BitMover discovered, during an update, that the file on
the export server was no longer identical to the last update copied over
from BitKeeper. This is why the detection was automatic, and not
dependent on someone noticing that the patch had been inserted.

-- 
David Maxwell, david@vex.net|david@maxwell.net --> The only difference I see
between voodoo and marketing research is that voodoo sometimes works! 
						- Leonard Stern