
Thwarted Linux backdoor hints at smarter hacks (2003) - mikevm
http://www.securityfocus.com/news/7388
======
balabaster
Great to see that this has devolved into a religious argument about code
syntax... well done the pedantic few, but you guys are missing the bigger
picture

Like:

1). Have there been any other backdoors surreptitiously slipped in that nobody
_has_ noticed?

2). Is Linux Kernel really as secure as everyone thinks it is?

I'd spend more time scouring the code looking for other backdoors and securing
those than worrying about a holy war on the merits of Yoda Comparisons [Which
by the way I think suck. Use a compiler that errors out or warns on assignment
found where comparison is expected, code is meant to be human readable, so
make it so.]

The joy about Linux being open source is that you can get your fingers and
minds in the code and even if Torvalds had put in a back door at the behest of
some government entity or other, it wouldn't matter - you guys have the power
(and ability) to close that door. So if I were you, I'd spend more time doing
that and less time bitching about other coders' syntax preferences that may
not match your own.

~~~
drzaiusapelord
Linus doesn't have to put government collusion in the source. Look how he
strong-armed using the hardware Intel RNG recently. That's microcode you'll
never see. Is this collusion? Who knows, but trusting hardware makes code
reviews useless.

~~~
lasermike026
Correct me if I'm wrong but /dev/random gathers entropy from a number of
sources including CPU RNG. If your CPU was owned it wouldn't matter. I run
entropy gathering daemons especially for virtualized systems. VMs don't have
enough hardware entropy and software like vpn clients will get stuck waiting
for data from /dev/random.

There are a number of ways to add entropy. I've used egd and haveged. Use
them. It can't hurt.

I suppose you could not load microcode on boot. I've never tried.

------
jgrahamc
Here's the actual code:
[http://lwn.net/Articles/57135/](http://lwn.net/Articles/57135/)

Made use of the difference between == and = in C.

This was done by going around the normal channels to get code into the kernel.
Someone attacked the CVS server directly and modified the code:
[http://lkml.indiana.edu/hypermail/linux/kernel/0311.0/0621.html](http://lkml.indiana.edu/hypermail/linux/kernel/0311.0/0621.html)

~~~
njharman
I don't think that is easily overlooked. Maybe, if there had only been one
conditional, but the different '==' and '=' are jarring to me.

OTOH, I'm a pretty slow code reader and look at "pattern" and "flow" of code
at least as much as I attempt to understand meaning. Probably why I'm so anal
about style, indentation, and vertical white space.

------
harrytuttle
And this is why you write it like this when you use C:

    (0 == current->uid)

Rather than

    (current->uid == 0) // or (current->uid = 0) in this case.

Impossible to make an assignment to a numeric lvalue. Easy to spot, easy to
audit in a diff.

~~~
James_Duval
Thanks for this.

I don't actually use C, although I know a few languages with C-like syntax
(Java, JS, AS2.0) and I'm learning Go & planning to learn D.

This small change will be really helpful in all these languages. Even if I
never make this error again it will help stop people who alter my code from
making this error.

Perhaps they should teach it in more programming textbooks, as I've not come
across it in anything from HeadFirst to online tutorials to Deitel & Deitel.

~~~
hyperpape
It's not necessary in Java (though it's still a common habit). Assignment to a
non-boolean is impossible in an if statement in Java, and you can make the
compiler warn you about accidental assignments.

~~~
rbanffy
Still, assigning a boolean rather than comparing it is still possible and,
possibly, a source of bugs.

------
hamidpalo
Not familiar with Linux kernel development practices, but wouldn't any
semi-capable static analysis tool have caught this?

~~~
icebraining
Yes, nowadays gcc warns you about assignments in conditionals if you enabled
it (e.g. with -Wall). But it probably didn't in 2003.

~~~
alextingle
This assignment is wrapped in parentheses. GCC will not issue a warning.

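An added example (not from the thread or the kernel) tying the two points above together: the `==`/`=` slip on a root check, the extra parentheses that keep gcc's `-Wall` (`-Wparentheses`) quiet, the Yoda form that cannot be mistyped, and a simple reviewer-style check that catches the bug by observing that a predicate mutated its input. `struct task` is a constructed stand-in for the kernel's `current->uid`.

```c
#include <stdio.h>

/* Constructed stand-in for the kernel's current->uid; not kernel code. */
struct task { unsigned int uid; };

/* The honest check: is the caller root? No side effects. */
static int is_root_correct(struct task *t) {
    if (t->uid == 0)
        return 1;
    return 0;
}

/* Same shape with '=' instead of '=='. The extra pair of parentheses is
 * what silences gcc -Wall's "suggest parentheses around assignment used as
 * truth value" warning: the compiler takes them as "yes, assignment was
 * intended". The expression stores 0 into uid and evaluates to 0, so the
 * branch is never taken and the caller's uid has been silently changed. */
static int is_root_typo(struct task *t) {
    if ((t->uid = 0))
        return 1;
    return 0;
}

/* Yoda form: constant on the left. The same typo here would read
 * `0 = t->uid`, which does not compile, so it cannot slip through. */
static int is_root_yoda(struct task *t) {
    if (0 == t->uid)
        return 1;
    return 0;
}

/* Reviewer/test-side check: a predicate must not change its input.
 * Returns 1 if uid is unchanged after the call, 0 if the "check" wrote to it. */
static int predicate_is_pure(int (*pred)(struct task *), unsigned int uid) {
    struct task t = { uid };
    pred(&t);
    return t.uid == uid;
}

int main(void) {
    /* Expected: 1, 0, 1 */
    printf("is_root_correct pure: %d\n", predicate_is_pure(is_root_correct, 1000));
    printf("is_root_typo    pure: %d\n", predicate_is_pure(is_root_typo, 1000));
    printf("is_root_yoda    pure: %d\n", predicate_is_pure(is_root_yoda, 1000));
    return 0;
}
```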
------
bladurga
Original thread:
[http://marc.info/?t=106806555100004&r=1&w=2](http://marc.info/?t=106806555100004&r=1&w=2)

