Claudiu Cismaru wrote: > On Tuesday 11 November 2003 17:48, Adrian Coman wrote: > >>http://www.securityfocus.com/news/7388 > > > E de cateva zile asta :)) Noroc ca oamenii (defapt Linus) se mai uita si > pe logurile CVS... si a observat ca doua commit-uri au fost "fake"...
Pe asta de unde ai scos-o? Scrie clar in articol: "the hack fell apart Wednesday, when a routine file integrity check told McVoy that someone had manually changed a copy of a kernel source code file that's normally only modified by an automated process, specifically one that pulls the code from BitMover's BitKeeper software collaboration tool and repackages it for the open source CVS system still favored by some developers. Even then, McVoy didn't initially recognize the change as a backdoor, and he announced to the Linux kernel developers list as a procedural annoyance. Other programmers soon figured out the trick, and by Thursday an investigation into how the development site was compromised was underway, headed by Linux chief Linus Torvalds, according to McVoy. If BitMover didn't run automated integrity checks, the backdoor could have made it into the official release of version 2.6 of the kernel". Exista un CMS numit BitKeeper in care se tin sursele kernelului. Pentru dezvoltatorii care prefera CVS-ul, se extrage o copie si formateaza pentru CVS printr-un proces automat. "Omul" de la BitMover au observat o modificare manuala a acestei copii, a anuntat dezvoltatorii despre aceasta, acestia din urma au facut un diff, l-au analizat si au descoperit problema. Investigatia "prinde orbul scoate-i ochii" e condusa de Linus Torvalds. Asta ca sa respectam adevarul istoric :) Grig --- Detalii despre listele noastre de mail: http://www.lug.ro/
