If the guy who did it wants to come forward, that is his decision. [edit: I won't name names.]
He did provide me the full story. He told me with the understanding that the story would go public, so I will dig it up and post it.
I also interviewed the sysadmins who were running the box at the time.
1. it was not an NSA operation, it was done by a hacker.
2. it was discovered by accident, not because of clever due diligence.
Basically, there was a developer who had a flakey connection and one time his commits didn't go through. To detect this in future he had a script that would download the entire tree from the server and compare it against his local copy to make sure that his changes had been committed.
It was discovered because of the discrepancy between his local working copy and the upstream copy. Which was checked not for security reasons, but because sometimes the two were out of sync. That's all. Just dumb luck.
The sysadmins are still quite bitter about it. I know how it feels when your box is hacked and you really take it personally.
The code wasn't added by hacking the CVS, as far as I remember, but rather through a hacked developer with commit rights.
that's the story as I was told
I suspect you are being sarcastic, but in case you aren't, you may want to reexamine your assumptions.
The colossal incompetence that is synonymous with government work doesn't magically stop at three-letter agencies. The FBI/CIA communication fuckups before 9/11 are just one famous example.
The idea that the NSA is staffed with "uber hackers" is a Hollywood fantasy. A government job working as a hacker is still a government job. Why would someone with that skillset, who can get a job at FAANG for 10x the salary, submit to the bureaucracy and monitoring BS that comes with working for an intelligence agency? I'm sure there are a select few who find this appealing, but the vast majority are just going to take the money and the free life.
It's funny when you don't understand who you are replying to.
He had many nicknames, but the one I knew him by was three characters long.
I lost contact with him sometime around 2004-2005, and I occasionally wonder what happened to him and if he's still alive.
I hope all is well.
Just like the NPR is not financed by the US government, but by NGOs.
https://www.npr.org/about-npr/178660742/public-radio-finance...
edit - removed some snark
This is a common mistake, and I believe most linters have rules for that. And I don't think there is any situation where there is a good reason for code like this to exist. Either the expression is wrong, or it doesn't belong in an "if". You may get stuff like that in legitimate code with macro expansion, but again, it is not the case here, and from my experience, you get a warning anyways.
The only people using linters at that time did so because it was forced by regulation (like automotive, aeronautics, ...)
Today, certainly. My compiler even catches errors in the format strings to printf[1].
But back then? I doubt it, even with all the warnings turned up.
[1] Removing yet another common source of bugs.
It just seems like there could be a more tamper resistant mechanism around privilege elevations.
It's my understanding that if "OS process" runs with its own address space with privileges (as it needs to talk to hardware), once an attacker has code execution functionality, what stops them from mapping the memory they need then writing to the address to set uid?
It would be interesting if there were some kind of write protection on the process-privilege data where some effort is made to verify the provenance of updates before they're allowed to go through or maybe even the whole privilege table is centralized and signed.
The Linux Backdoor Attempt of 2003 (2013) - https://news.ycombinator.com/item?id=24106213 - Aug 2020 (141 comments)
The Linux Backdoor Attempt of 2003 - https://news.ycombinator.com/item?id=18173173 - Oct 2018 (28 comments)
The Linux Backdoor Attempt of 2003 - https://news.ycombinator.com/item?id=6520678 - Oct 2013 (63 comments)
Probably most of the deliberate backdoors that are present in Linux have been inserted by well funded state sponsored developers performing useful work. Easy to sneak a vulnerability in that way. (There was a controversial incident a few years ago when some researchers proved as much.)
https://old.reddit.com/r/HobbyDrama/comments/nku6bt/kernel_d...
Let's say the NSA adds a backdoor. If someone else finds it, isn't that an exploit?
Why do so many programming languages have different equals/assigns operators?
There are languages that combine them and apparently don't have any problems. Is it something to do with being strongly vs. weakly typed?
To prevent accidental or malicious use of the assignment operator in place of the equals operator in a language, you either have to have a real boolean type, and no implicit conversion of other types to boolean, or make assignments not be an expression, or disallow assignment expressions in boolean contexts.
Making both operators the same symbol is not a good solution IMO, because it makes it harder to distinguish which is which in arbitrary contexts. E.g. in `a = b = c`, presumably the first is an assignment and the second a comparison? Or maybe not? It would just be confusing. Not sure which languages you are referring to that do this.
if (0 == do_something(foo)) { ... }
If one accidentally omits one equals-sign, it makes the compiler barf instead of becoming a silent-but-deadly kind of bug (whether intentional or not).
In Go, an assignment is not an expression, so the whole thing becomes illegal. I found this approach a bit offensive at first, but I got used to it rather quickly.
Or just reverse the expression:
0 == current->uid
So that the bug case is an error:
0 = current->uid
I think partly that being explicit is nice. Assignment and equality are two very different things, so it makes sense for there to be different syntax. You can easily prevent the code in the article from working—just disallow assignment inside of expressions. This is probably a good idea, and a lot of newer languages make that choice.
Even when you read papers about programming, you often see different notation for assignment and equality. Assignment may be <- or := or something, and equality will just be =, to match the mathematical notation. I see a lot of <- in manuals for processors & architectures. I would hate to see something like this in my code base:
a = x = y;
If that meant “set ‘a’ to true if ‘x’ is equal to ‘y’, and false otherwise.” I would, honestly, be a little pissed off.
I would only accept something like that if it meant (a==x)&&(x==y).
> a = x = y;
> If that meant “set ‘a’ to true if ‘x’ is equal to ‘y’, and false otherwise.” I would, honestly, be a little pissed off.
Would you find it more acceptable as `a = (x = y)`? To me, that is reasonably clear.
In the former you could combine them. In the latter you can't (you need to be able to tell if "if (a = b) ..." contains a comparison or assignment).
(EDIT: I agree with the sibling reply from klodolph there - there are many cases where reusing the same operator would get really confusing, and so I'd prefer the operators to be distinct even if the language does not allow them in the same context)
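
Added example, not part of any comment in this thread and not the code from the article: a user-space C sketch of the assignment-in-condition pattern discussed above, next to the constant-first comparison suggested in the replies. The struct, flag names and error value are constructed stand-ins, not kernel definitions.

```c
#include <stdio.h>

/* Constructed stand-ins for this example; not kernel definitions. */
#define OPT_A     0x1
#define OPT_B     0x2
#define ERR_INVAL (-22)

struct task { unsigned int uid; };   /* hypothetical; uid 0 means root */

/* '=' where '==' was meant. The assignment yields 0, so the branch never
 * runs and the call looks like a no-op, yet uid is now 0. Parenthesising
 * the assignment is what keeps GCC/Clang -Wparentheses quiet about it. */
int check_assign(struct task *cur, int options)
{
    int retval = 0;
    if ((options == (OPT_A | OPT_B)) && (cur->uid = 0))
        retval = ERR_INVAL;
    return retval;
}

/* Constant-first comparison: dropping one '=' here gives
 * "0 = cur->uid", which does not compile (0 is not an lvalue). */
int check_compare(struct task *cur, int options)
{
    int retval = 0;
    if ((options == (OPT_A | OPT_B)) && (0 == cur->uid))
        retval = ERR_INVAL;
    return retval;
}

/* Run one check on a fresh task and report the uid it is left with. */
unsigned int uid_after(int (*check)(struct task *, int),
                       unsigned int uid, int options)
{
    struct task t = { uid };
    check(&t, options);
    return t.uid;
}

int main(void)
{
    printf("assign,  flags set:   uid %u\n", uid_after(check_assign, 1000, OPT_A | OPT_B));
    printf("assign,  flags unset: uid %u\n", uid_after(check_assign, 1000, OPT_A));
    printf("compare, flags set:   uid %u\n", uid_after(check_compare, 1000, OPT_A | OPT_B));
    return 0;
}
```

The return value is 0 in all three calls, so only a check on the task's state, or a review of the diff, shows the difference.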
You could use Teamviewer or the like.
Self host a MeshCentral or RustDesk (MC for me!)
Just make sure you set the key for those clients to not expire.