Print

[apemberton]

As probably many of you know, 'kernel.org' is unavailable as I write and has been for some days. I understand there has been a security breach on at least one of the kernel servers, possibly starting six or more weeks ago. It is difficult to understand what has happened or the implications from what has been written in forums, blogs and at least one magazine. It may be a trojan embedded in the kernel but it is not clear if this is a real or imagined threat.

I have all of my sheevaplugs/guruplugs running kernel 3.0.3 compiled from downloaded source at kernel.org (using git clone) plus the patches from 'sheeva.with-linux.com/sheeva' (which is also off-air).

I am worried that my systems may be compromised in some sort of way and what to do to minimise risk. It has been suggested that passwords should be changed and strengthened (good practice of course) but also it has been suggested that the SSH keys have been compromised which would make changing passwords no obstacle.

Anybody any thoughts?

PS. does this mean that Windows users are chuckling behind their antivirus software? Or is this revenge for the Iranian nuclear labs being hacked?

ETA: I meant SSH rather than SSL above

[Confusticated]

Password & SSH Key issues are only applicable to the developer users of kernel.org and the associated servers...so that's not you unless you have been keeping quiet about it
The remaining issues are:

1) Was kernel.org web script\pages spiked to put malware on your client via your web browser.
2) Was the git repository tampered with, introducing malware source\data.

1 I am sure (from your posts) you know how to check for this (quicker to do than explain every step how)
EDIT: And I am sure kernel.org would have announced it if they found tampering with the webserver.

2 Is unlikely, you can point git at github and pull Linus's tree from there instead (anything amiss in your repository will cause errors)

EDIT:
3) They stole the SSL Certificates, polluted the DNS servers, and redirected you to a clone of kernel.org to have thier wicked way with your trusting clent

[apemberton]

The simple answer to 1) and 2) is I don't know!

Apparently Linus Torvalds has transferred from Kernel.org to Github.

But the whole issue is unclear and the implications for Linux users of any archtecture may be significant.

I do not have answers, just questions.

[Confusticated]

1) Boot off a Live CD, Logs, Firewall, Verify all installed packages (install selinux, tripwire etc for future protection)

2) This is (one possible) the answer, or alternatively you could read all the source yourself.

point git at github and pull

This is the major difference between Linux and Windows, the transparency of Linux allows you to find and undo anything done!

[sfzhi]

A side note:
So called "stable" releases, such as 3.0.3 (and 3.0.4 for that matter) are not maintained by Linus Torvalds, so they are not in his git repository.