Comment by cptskippy

4 years ago

In theory, wouldn't it be possible to introduce bugs that are seemingly innocuous when reviewed independently but when combined form an exploit?

Could a number of seemingly unrelated individuals introduce a number of bugs over time to form an exploit without being detected?

Yes, of course, and I'm fairly certain it's happened before or at least there have been suspicions of it happening. That's why trust is important, and why I'm glad kernel development is not very friendly.

Doing code review at work I am constantly catching blatantly obvious security bugs. Most developers are so happy to get the thing to work that they don't even consider security. This is in high level languages, with a fairly small team, only internal users, and a pretty simple code base. I can't imagine trying to do it for something as high stakes and complicated as the kernel. Not to mention how subtle bugs can be in C. I suspect it is impossible to distinguish incompetence from malice. So aggressively weeding out incompetence, and then forming layers of trust is the only real defense.

Yes. binfmt and some other parts of systemd are such an example that introduce vulnerabilities that existed in Windows 95. Not going into detail because it still needs to be fixed, assuming it was not intentional.