Example of a backdoor submitted to an open source project? [closed] - McMap

About

Example of a backdoor submitted to an open source project? [closed]

Asked 6/10, 2011 at 19:20 Answered 6/10, 2011 at 19:33

git version-control open-source cvs

A

1

6

To clarify immediately, I'm not interested in writing a backdoor. I have no interest in submitting backdoor changelists to projects myself.

I'm researching some source modeling techniques, and we're interested in seeing if exploits or malicious code can be identified. We're using git and subversion histories to examine how a model snapshot captures relationships between the code. There is a question about whether certain types of code appear as outliers in an environment like this.

With that in mind, I'm having a hard time finding instances of a git/cvs/? open source repository with an example of a changelist that contained a backdoor, and was submitted and will show up in the logs.

We were looking at proftpd as an early example, but this exploit wasn't checked in but rather modified other versions of the code.

Are there examples in the revision history of an open source project of attempts to insert backdoor code?

Thanks, Scott

Anguilliform answered 6/10, 2011 at 19:20 Comment(3)

Not what you're asking about, but there are some sneaky examples of malicious code from the Underhanded C Contest - underhanded.xcott.com – Diluvium 6/10, 2011 at 19:30

This is an interesting question, but might get closed on StackOverflow. If you don't get the answer you want, try there security.stackexchange.com – Gibby 6/10, 2011 at 19:44

While this is clearly a matter that is unique to the programming profession I'm not sure it passes "You should only ask practical, answerable questions based on actual problems that you face.". The suggestion for security might be reasonable, and you could check the FAQ at programmers, too. – Silicium 7/10, 2011 at 2:42

D

1

https://freedom-to-tinker.com/blog/felten/linux-backdoor-attempt-thwarted

There was also an attempt to compromise the source repository to inject new code but have the version control system think it had been there for some time (and so was trusted). One of the requirements of Git is that it has strong crypto checking of the repository with each new checkin.

Delibes answered 6/10, 2011 at 19:33 Comment(0)

Recommended topics

#Godot #Unity #Godot 4.X #Mongodb

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

© 2022 - 2024 — McMap. All rights reserved.