KS2010: Kernel.org update

Posted Nov 3, 2010 23:15 UTC (Wed) by cesarb (subscriber, #6266)
Parent article: KS2010: Kernel.org update

> Any corruption of the git repository on kernel.org would cause checksum mismatches and, thus, would be immediately noticed by Linus and others.

It could show up, not as a checksum mismatch, but as a "forced update". I noticed the system upgrade problem mentioned above as a "forced update" from e99d11d to 4193d91 (something like "e99d11d...4193d91 (forced update)"), and spent some time making sure that it was just "going backwards in time" and not something more obviously malicious.

There is another security barrier not mentioned above: most users do not build kernels directly from the kernel.org git repository (I would in fact guess most people get their kernels already compiled from the Ubuntu repositories), and even the ones that do will not build a new kernel all the time (they will build, for instance, one or two kernels per day at most). The exception is the kernel developers, who are also the ones who can notice odd things more quickly. This gives time for a malicious commit to be found before it spreads too much.


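The check described in the comment above (was a "forced update" only a step back in history, or did it bring in commits never seen before?) can be automated. This is an added example, not code from the comment or from kernel.org; the ref names, the commit graph and the helper names are constructed, and only the two abbreviated hashes come from the comment.

```python
import re
import subprocess

# A forced update in `git fetch` output looks like:
#  + e99d11d...4193d91 master     -> origin/master  (forced update)
FORCED = re.compile(r"^\s*\+\s+([0-9a-f]{4,40})\.\.\.([0-9a-f]{4,40})"
                    r"\s+\S+\s+->\s+(\S+)\s+\(forced update\)")

def git_is_ancestor(ancestor, descendant):
    """Ask git (in the current repository) whether `ancestor` is reachable
    from `descendant`."""
    rc = subprocess.run(
        ["git", "merge-base", "--is-ancestor", ancestor, descendant]).returncode
    if rc not in (0, 1):
        raise RuntimeError(f"git merge-base failed with exit code {rc}")
    return rc == 0

def graph_is_ancestor(parents):
    """Same question answered from a {commit: [parents]} dict, for offline use."""
    def is_ancestor(ancestor, descendant):
        todo, seen = [descendant], set()
        while todo:
            commit = todo.pop()
            if commit == ancestor:
                return True
            if commit not in seen:
                seen.add(commit)
                todo.extend(parents.get(commit, []))
        return False
    return is_ancestor

def review_fetch(output, is_ancestor=git_is_ancestor):
    """Return (ref, old, new, verdict) for every forced update in fetch output."""
    findings = []
    for line in output.splitlines():
        m = FORCED.match(line)
        if not m:
            continue  # fast-forwards and new refs are not forced updates
        old, new, ref = m.groups()
        # rewind: the new tip is already part of the old history, nothing added
        # rewrite: the new tip carries commits not in the old history, review them
        verdict = "rewind" if is_ancestor(new, old) else "rewrite"
        findings.append((ref, old, new, verdict))
    return findings

# Constructed sample: hashes e99d11d/4193d91 are from the comment, the rest is made up.
SAMPLE = """\
   1111111..2222222  stable     -> origin/stable
 + e99d11d...4193d91 master     -> origin/master  (forced update)
 + aaaaaaa...bbbbbbb topic      -> origin/topic  (forced update)
"""
PARENTS = {"e99d11d": ["4193d91"], "4193d91": ["0000000"],
           "aaaaaaa": ["0000000"], "bbbbbbb": ["0000000"]}

if __name__ == "__main__":
    for finding in review_fetch(SAMPLE, graph_is_ancestor(PARENTS)):
        print(*finding)
```

Against a real clone, pass the captured output of `git fetch` (git writes it to stderr) and leave `is_ancestor` at its default; a "rewrite" verdict means the new tip needs a manual look at the commits it introduces.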

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds