(Not too much) Off-topic: "...Our bitkeeper, how art in server, hallow be thy name..."

When I saw the code on SecurityFocus I was really impressed, because of the simplicity, and mainly how without a "=" it could deceive the common overlook of most people.... basically the backdoor was just one line (the last one is practically not necessary once you are already root, however your program won't end properly, but.... ctrl+c, reminds me of something ;D, oh, nice root shell!)
About the first line, it is really admirable how he manages the function call flags, but I thought, it's not a very uncommon function (waitpid4()); any program with child processes that had run it with the proper options, accidentally or not, would have got root, something that would have caught our attention...
Another thing to think about is... Ok, they got the tricky code in the main source, but you may wonder, as I did at the time, what about LKMs? }=)... But don't forget why all those people love that kern0 ;P; as a particular issue, it prevents the LKM (beyond being now linked to the kernel code) from accessing the kernel data structures, variables, in fact all kinds of symbols, unless those symbols were exported properly in the kernel code. Which means that our LKM can only work if we modify the kernel; if we can modify the kernel, we can put the g*ddamn backdoor code directly in there, and that should lead you into an infinite brain loop that may cause hallucinations, aches and other kinds of madness symptoms.
P.S.: These things remind me, you should always use the checksums to verify the code was not modified.
P.S.2: Please forgive my poor English (I think I have created a few new words in your language above :S, hope I'm wrong)
P.S.3: If there's anything in this post you don't get, just ask, I'm not a really good speaker

Regards
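As an added example (not code from the post, from SecurityFocus or from the kernel tree), a small heuristic source audit for the defect class the post describes: a lone "=" where "==" was expected, inside an if/while condition. It runs over constructed sample lines; the names ctx, options, FLAG_A and FLAG_B are placeholders, not identifiers from any real code.

```python
import re

# Constructed sample input. The last line mirrors the shape described in
# the post: one "=" inside an && condition that otherwise looks like
# ordinary flag handling. Such a condition has a fixed truth value, so the
# branch never runs and only the side effect (the assignment) remains.
SAMPLE_LINES = [
    "if ((options == (FLAG_A|FLAG_B)) && (ctx->uid == 0))",
    "while ((c = getchar()) != EOF)",
    "if (ctx->flags & FLAG_A)",
    "if ((options == (FLAG_A|FLAG_B)) && (ctx->uid = 0))",
]

# A single "=" that is not part of ==, !=, <= or >=.
_LONE_ASSIGN = re.compile(r"(?<![=!<>])=(?!=)")
_LHS = re.compile(r"([\w.\->\[\]]+)\s*$")
_RHS = re.compile(r"\s*([\w.\->\[\]]+(?:\(\))?)")
_LITERAL = re.compile(r"-?\d+|0[xX][0-9a-fA-F]+|'.*'")


def condition_of(line):
    """Return the text inside the outer parentheses of an if/while, else None."""
    m = re.match(r"\s*(if|while)\s*\(", line)
    if not m:
        return None
    depth, start = 1, m.end()
    for i in range(start, len(line)):
        depth += {"(": 1, ")": -1}.get(line[i], 0)
        if depth == 0:
            return line[start:i]
    return None


def find_assignments_in_conditions(lines):
    """Report every lone "=" inside a condition.

    rhs_is_literal marks the dangerous case: assigning a constant inside a
    condition fixes the outcome, so the code is dead but the assignment runs.
    """
    findings = []
    for no, line in enumerate(lines, 1):
        cond = condition_of(line)
        if cond is None:
            continue
        for m in _LONE_ASSIGN.finditer(cond):
            lhs = _LHS.search(cond[:m.start()])
            rhs = _RHS.match(cond[m.end():])
            lhs_s = lhs.group(1) if lhs else "?"
            rhs_s = rhs.group(1) if rhs else "?"
            findings.append({"line": no, "lhs": lhs_s, "rhs": rhs_s,
                             "rhs_is_literal": bool(_LITERAL.fullmatch(rhs_s))})
    return findings
```

The getchar() idiom is reported too, since the heuristic cannot tell intent; the rhs_is_literal flag is what separates it from the "uid = 0" shape worth a manual look.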