An example of a backdoor presented in an open source project?

Question

An example of a backdoor presented in an open source project?

To clarify right away, I'm not interested in writing a backdoor. I am not interested in sending cross-project listings for projects.

I am studying some methods for modeling sources, and we are interested in knowing whether exploits or malicious code can be detected. We use git and subversion stories to explore how a model snapshot captures the relationship between code. The question is that certain types of code look like outliers in such an environment.

With that in mind, is it hard for me to find instances of git / cvs /? open source with an example change list that the backdoor has posted and has been submitted and will be displayed in the logs.

We looked at proftpd as an early example , but this exploit was not tested, but rather modified by other versions of the code.

Are there any examples in the change history of an open source project trying to insert a backdoor code?

Thanks Scott

+4

git version-control open-source cvs

swrittenb Oct 6 '11 at 19:20

source share

1 answer

Martin beckett · Answer 1 · 2011-10-06T19:33:02+0000

https://freedom-to-tinker.com/blog/felten/linux-backdoor-attempt-thwarted

There was also an attempt to compromise the original repository to introduce new code, but the version control system believed that it had been there for some time (and therefore was trusted). One of the requirements of Git is that it has a strong cryptographic verification of the repository with each new verification.

An example of a backdoor presented in an open source project?

More articles: