New Linux Intrusion Attacked and Installed

An unknown intruder attempted to insert a Trojan program into the code of the next Linux kernel, which was stored on a publicly accessible database. The security features of the Linux kernel source code, called BitKeeper, have detected unauthorized changes within 24 hours, and the public database has been shut down, a Linux kernel developer said. This database is only used to provide the latest beta of the Linux kernel to users of the Concurrent Versions System (CVS), a program designed to manage the Linux kernel source code. "These unauthorized changes, which would create a security hole in the kernel, should never be used for official Linux code, and therefore never become a risk to people. Use it, "said Larry McVoy, founder of BitMover software company and principal architect of BitKeeper source code. Linus Torvalds, the founder of Linux and the largest Linux developer, used BitKeeper to track changes in the core software of the Linux operating system. Everyday, this software brings new changes to the public and separate databases for developers to use. An intruder appears to have hacked into a previous server, and uses access to make a small change on one of the source files, McVoy said. This change creates a security hole that allows a person to gain control privileges on any Linux computer running the system kernel compiled from the modified source code. However, only the developers of this new kernel are affected by this vulnerability, and its undetected process is only within 24 hours. When BitKeeper exports source code to other servers, it checks the integrity of every file, compared to a digital fingerprint on the official version of that file with the version on the remote server. This comparison detected source code changes stored on the official server.