December 9, 2016

Security Breach at Home of Linux Source Code

(LiveHacking.Com) – Kernel.org, the primary site for the Linux kernel source code, suffered a security breach that was discovered on August 28th. The hackers managed to gain root access to one of the servers and modify some of the SSH files. They also added a trojan startup file to the system startup scripts.

The key question is whether the Linux source code was somehow modified to include back doors or vulnerabilities, which would then be propagated to the various Linux distributions. The word from the system administrators is that the source code repositories were unaffected. But they are continuing to analyse the code within git and the tarballs to confirm that nothing has been modified.

The truth is that the potential damage of breaking into kernel.org is far less than it would be for a typical software repository. That’s because kernel development takes place using the git distributed revision control system. For each of the nearly 40,000 files in the Linux kernel, a SHA-1 hash is calculated to uniquely define the exact contents of that file. Git is designed so that the name of each version of the kernel depends upon the complete development history leading up to that version. Once a version is published, it is not possible to change the old versions without it being noticed.

Those files and the corresponding hashes exist not just on the kernel.org machine and its mirrors, but on the hard drives of several thousand kernel developers and distribution maintainers. Any tampering with any file in the kernel.org repository would immediately be noticed by each developer as they updated their personal repository, which most do daily.
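
The tamper-evidence property described above, as an added example (not code from kernel.org or the original article): it reproduces git's object naming with `hashlib` and shows that altering one file in the oldest release changes the id of every later commit, even though the later trees are untouched. The file contents, author identity and timestamp are constructed for the illustration.

```python
import hashlib

def git_object_id(kind: str, body: bytes) -> str:
    """SHA-1 over git's object header plus body, as git computes object names."""
    header = f"{kind} {len(body)}\0".encode()
    return hashlib.sha1(header + body).hexdigest()

def blob_id(content: bytes) -> str:
    return git_object_id("blob", content)

def tree_id(files: dict) -> str:
    """Flat tree: each entry is '<mode> <name>', a NUL byte, then the raw 20-byte blob id."""
    body = b"".join(
        b"100644 " + name.encode() + b"\0" + bytes.fromhex(blob_id(data))
        for name, data in sorted(files.items())
    )
    return git_object_id("tree", body)

def commit_id(tree: str, parent, message: str) -> str:
    """A commit names its tree and its parent, so its id covers all prior history."""
    lines = [f"tree {tree}"]
    if parent:
        lines.append(f"parent {parent}")
    # Constructed identity and timestamp, fixed so the ids are reproducible.
    who = "Example Dev <dev@example.org> 1314489600 +0000"
    lines += [f"author {who}", f"committer {who}", "", message, ""]
    return git_object_id("commit", "\n".join(lines).encode())

def history_ids(snapshots) -> list:
    """Return the commit id of each snapshot in a linear history."""
    ids, parent = [], None
    for n, files in enumerate(snapshots):
        parent = commit_id(tree_id(files), parent, f"release {n}")
        ids.append(parent)
    return ids

# Constructed sample history: three releases of a two-file tree.
GENUINE = [
    {"Makefile": b"VERSION = 1\n", "init.c": b"int start(void) { return 0; }\n"},
    {"Makefile": b"VERSION = 2\n", "init.c": b"int start(void) { return 0; }\n"},
    {"Makefile": b"VERSION = 3\n", "init.c": b"int start(void) { return 0; }\n"},
]
# Same history with a one-character change slipped into the oldest release.
TAMPERED = [dict(GENUINE[0], **{"init.c": b"int start(void) { return 1; }\n"})] + GENUINE[1:]

if __name__ == "__main__":
    for good, bad in zip(history_ids(GENUINE), history_ids(TAMPERED)):
        print(good[:12], bad[:12], "MATCH" if good == bad else "DIFFERS")
```

A developer holding the genuine history only needs to compare the latest commit id with the one offered by the server: a mismatch there reveals a change anywhere earlier in the chain.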