As has been widely reported elsewhere, an attempt was recently made to slip a back door into the Linux kernel by way of the BK2CVS repository. This article looks at the code that the attacker tried to get into the kernel and examines the reasons why that particular attack could not have succeeded. The kernel development process was not threatened this time, but the possibility exists that an attack could succeed in the future. This episode may bring about some changes in the development process aimed at making it harder to get malicious code into the kernel in the future.
Very interesting read to anyone interested in Linux, Open Source and/or Security.
Well, you shouldn’t download a Kernel from a place you don’t know from. (I doubt that people that made a distro, would insert a backdoor in the kernel for that distro, duh.)
(I know only a tiny bit about Linux, so, if I’m wrong, don’t bitch at me, please :P)
Same principle as downloaded trojan horse viruses, really. People who download from unoffical sources take the risk when they do. Not really any different or malignant.
This is much like it is with all software that is avaiable online, it’s possible to sneak malicious code into it. Especially when you can rely on there being idiots that will download it from anywhere.
Anyway, if someone succesfully snuck malicious coding into the Linux Kernel: Microsoft would get a birthday present, and be very happy.