
Linux Kernel Host Kernel.org Breached

Kernel.org, the site that hosts the Linux kernel’s source code, was compromised earlier this month. The breach was discovered on August 28th; steps are being taken to enhance the site’s security, and recovery is underway. The kernel code repositories are believed to be unaffected.

According to an unattributed post on the front page of Kernel.org, intruders managed to gain access via a compromised user credential. It’s currently unknown how the attacker managed to escalate to root access.

After gaining access, the attacker modified files related to SSH services and added a trojan startup file to the system startup scripts. The trojan was discovered due to an error showing in a system log from a program not actually installed on the server (Xnest).

The status now is that the compromised systems are offline and being restored from pristine backups. All boxes on kernel.org will be getting full re-installs, and analysis is being done of the code to make sure that nothing has been modified. Authorities have also been notified about the breach.

Why it Doesn’t Matter (Much)

Before anyone gets in a tizzy about the compromise, it’s worth pointing out that while this is an enormous inconvenience for the kernel folks and site admins, it’s not going to affect enterprises that run Linux in production.

Even if the attacker managed to compromise the code repository, almost all production servers are running kernels provided by vendors like Red Hat and SUSE. Those kernels were patched, compiled and tested long before this breach. The only way someone might see this is if they’re testing the most current kernels or compiling their own. And, again, only if the code was actually compromised – which is considered unlikely at the moment.

There’s also the small matter of the source control system used to manage the kernel source. As Jon Corbet writes, “The code for the kernel (and for many other projects) is managed with the ‘git’ source code management system. And git does not allow the code to be modified by third parties without people knowing about it.”

Files managed by git have a cryptographic hash associated with them. Every time a file changes, its hash changes. If files on the server had been altered, developers downloading them would get a warning from their instance of git that something had been changed.
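How that hash chaining works, as an added example that is not from the original article or from git's own code: the Python below re-implements git's SHA-1 object naming for blobs, flat trees and commits, then shows that changing one byte in an old snapshot changes the tip commit id a developer already holds. The file contents, author identity and helper names are constructed for illustration.

```python
import hashlib

def git_object_id(obj_type, body):
    """Name an object the way git does: SHA-1 over '<type> <size>\\0' + body."""
    header = f"{obj_type} {len(body)}".encode() + b"\0"
    return hashlib.sha1(header + body).hexdigest()

def tree_id(files):
    """Tree for a flat directory of regular files: {name: content bytes}."""
    body = b""
    for name in sorted(files):  # git stores tree entries sorted by name
        blob = git_object_id("blob", files[name])
        body += b"100644 " + name.encode() + b"\0" + bytes.fromhex(blob)
    return git_object_id("tree", body)

def commit_id(tree, parent, message):
    """Commit object: names a tree and, except for the root commit, a parent."""
    ident = "Example Dev <dev@example.invalid> 1314500000 +0000"  # constructed
    lines = [f"tree {tree}"]
    if parent:
        lines.append(f"parent {parent}")
    lines += [f"author {ident}", f"committer {ident}", "", message]
    return git_object_id("commit", ("\n".join(lines) + "\n").encode())

def tip_of(history):
    """Chain commits over a list of (files, message) snapshots; return the tip id."""
    parent = None
    for files, message in history:
        parent = commit_id(tree_id(files), parent, message)
    return parent

# Constructed sample history: two snapshots of a tiny source tree.
MAIN_C = b"int main(void){return 0;}\n"
GOOD = [
    ({"Makefile": b"all:\n\tcc main.c\n", "main.c": MAIN_C}, "initial"),
    ({"Makefile": b"all:\n\tcc -O2 main.c\n", "main.c": MAIN_C}, "optimise"),
]
# Same history with one byte changed in the FIRST snapshot only.
TAMPERED = [
    ({**GOOD[0][0], "main.c": b"int main(void){return 1;}\n"}, "initial"),
    GOOD[1],
]

def verify(trusted_tip, served_history):
    """Does the history the server hands out hash to the tip id we already hold?"""
    return tip_of(served_history) == trusted_tip

if __name__ == "__main__":
    trusted = tip_of(GOOD)
    print("trusted tip :", trusted)
    print("clean server:", verify(trusted, GOOD))
    print("tampered    :", verify(trusted, TAMPERED), tip_of(TAMPERED))
```

The latest snapshot's tree is byte-for-byte identical in both histories; the tip id still differs because each commit hashes its parent's id, so an edit anywhere in the past changes every id after it.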

As Corbet points out in his post, kernel.org may seem like where kernel development is done – but it’s not. It’s the centralized repository for all the developers who are doing kernel development on their own machines.

Why it Does Matter

Why is it worth reporting? Obviously, a breach of the site hosting the Linux kernel is going to be considered news. But really, any major breach is worth examining since it shows how attackers work and how they might be trying to compromise your systems. Kernel.org has pretty good security, but it just goes to show that a target that has sufficiently motivated attackers may be compromised.

It’s not yet known how the attackers managed to gain root access. Once that’s known, we’ll be sure to report the issue so companies that might be at risk can update immediately.

Disclaimer: Kernel.org is funded by the Linux Foundation, and I do contract work for the Linux Foundation though I am not connected to Kernel.org management in any way.
