Kernel.org has been compromised by an intruder who gained root access to parts of the infrastructure that hosts the kernel source code.

A number of servers have been accessed, apparently via compromised user credentials. The intruder installed several rootkits and monitored user activity.

The intrusion went unnoticed for almost a month until the kernel.org staff discovered it on August 28th. The staff reassured the community in a blog post on kernel.org, stating that the actual repositories themselves are unaffected.

“While we currently believe that the source code repositories were unaffected, we are in the process of verifying this and taking steps to enhance security across the kernel.org infrastructure.”

So the Linux kernel itself is okay?

Kernel.org explains that the Linux kernel is unaffected by this security breach:

“The Linux community and kernel.org take the security of the kernel.org domain extremely seriously, and are pursuing all avenues to investigate this attack and prevent future ones.

However, it’s also useful to note that the potential damage of cracking kernel.org is far less than typical software repositories. That’s because kernel development takes place using the git distributed revision control system, designed by Linus Torvalds. For each of the nearly 40,000 files in the Linux kernel, a cryptographically secure SHA-1 hash is calculated to uniquely define the exact contents of that file.

Git is designed so that the name of each version of the kernel depends upon the complete development history leading up to that version. Once it is published, it is not possible to change the old versions without it being noticed.”
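The property described in the quote can be reproduced with a few lines of Python. This is an added example, not code from kernel.org or from git itself: it computes object ids using git's blob, tree and commit formats for a small constructed history (file names, contents and the author identity are made up), then changes one byte in the oldest release to show that every later commit id changes with it.

```python
import hashlib

def git_object_id(kind, body):
    """Name an object the way git does: SHA-1 over '<kind> <size>\\0' + body."""
    return hashlib.sha1(f"{kind} {len(body)}".encode() + b"\x00" + body).hexdigest()

def blob_id(content):
    return git_object_id("blob", content)

def tree_id(files):
    """Flat directory of regular files: '100644 <name>\\0' + raw 20-byte blob id."""
    body = b"".join(b"100644 " + name.encode() + b"\x00" + bytes.fromhex(blob_id(data))
                    for name, data in sorted(files.items()))
    return git_object_id("tree", body)

def commit_id(tree, parent, message):
    """A commit records its tree and its parent commit, so its id covers both."""
    who = "Example Dev <dev@example.invalid> 1314500000 +0000"  # constructed identity
    lines = [f"tree {tree}"] + ([f"parent {parent}"] if parent else [])
    lines += [f"author {who}", f"committer {who}", "", message, ""]
    return git_object_id("commit", "\n".join(lines).encode())

def history_ids(snapshots):
    """Commit ids for a linear history, oldest first."""
    ids, parent = [], None
    for n, files in enumerate(snapshots):
        parent = commit_id(tree_id(files), parent, f"release {n}")
        ids.append(parent)
    return ids

def first_divergence(trusted, served):
    """Index of the oldest commit whose id differs, or None if the histories match."""
    return next((i for i, (a, b) in enumerate(zip(trusted, served)) if a != b), None)

# Constructed sample: three releases of a two-file project.
HISTORY = [
    {"Makefile": b"VERSION = 1\n", "main.c": b"int main(void) { return 0; }\n"},
    {"Makefile": b"VERSION = 2\n", "main.c": b"int main(void) { return 0; }\n"},
    {"Makefile": b"VERSION = 3\n", "main.c": b"int main(void) { return 0; }\n"},
]
# Same history with one byte changed in the oldest release.
TAMPERED = [dict(HISTORY[0], **{"main.c": b"int main(void) { return 1; }\n"})] + HISTORY[1:]

if __name__ == "__main__":
    for good, served in zip(history_ids(HISTORY), history_ids(TAMPERED)):
        print(good[:12], served[:12], "ok" if good == served else "MISMATCH")
```

The comparison only means something when the trusted ids come from a copy the server could not have altered, such as a developer's own clone made before the intrusion.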

The staff are taking no risks and have implemented a variety of measures to fix the problem, have notified authorities, and are working on preventing this sort of breach in the future.

They list what they’ve done so far as a response to the security breach:

  • We have currently taken boxes off line to do a backup and are in the process of doing complete reinstalls.
  • We have notified authorities in the United States and in Europe to assist with the investigation.
  • We will be doing a full reinstall on all boxes on kernel.org.
  • We are in the process of doing an analysis on the code within git, and the tarballs to confirm that nothing has been modified.

You can read more about the security breach over in the news section on kernel.org.

Thanks to James Stradling | via Twitter
