👤sytse🕑7y🔼141🗨️28

(Replying to PARENT post)

"But the attempt didn’t work, because the Linux team was careful enough to notice that this code was in the CVS repository without having gone through the normal approval process. Score one for Linux."

Actually, they were just lucky enough that someone wasn't able to break into the main BitKeeper repository. It is highly unlikely that any private organization could withstand a state-sponsored intrusion from the likes of the US, Russia, or China. And that's assuming they needed to. They probably already have found bugs that would let them in without going to such lengths. Also take into consideration that just "Linux" by itself is useless; there will be a lot of other 3rd party applications installed on the system with a lot less strict security over their source code.

The particular bug in question doesn't actually provide an exploit; it just sets the current UID to 0. An attacker would still need some other method of executing their own code under that ID, which would require the ability to create new processes (e.g. the command line), or a method of altering the code of the current process through some other bug. The fact that an accompanying alteration wasn't found that allowed for that is a good hint that there are a lot more problems.

👤gmiller123456🕑7y🔼0🗨️0

(Replying to PARENT post)

I enjoy the idea that we can feel safe from attackers because we caught an attacker once, that time back in 2003.
👤apenwarr🕑7y🔼0🗨️0
👤ryanlol🕑7y🔼0🗨️0

(Replying to PARENT post)

While I love, loved, and will always love C, it has too many security dangers like these. I know it's not intrinsically its fault, and that you can mitigate lots of issues using better tooling, but many of the issues with C are due either to poor design choices (just look at the state of string.h) or things nobody could foresee decades ago. While being close to metal is of paramount importance for tasks such as writing kernels, we shouldn't be forced to pick between safety and simplicity; I think that C needs a treatment like C++11 has been to C++. Lots of people will stubbornly stick with C89, but a boy can hope, I guess.
👤qalmakka🕑7y🔼0🗨️0

(Replying to PARENT post)

Published 2013.
👤jwfxpr🕑7y🔼0🗨️0

(Replying to PARENT post)

The check should be written:

if ((options == (__WCLONE|__WALL)) && (0 = current->uid)) retval = -EINVAL;

This would cause a compile error on the naughty code.

👤sys_64738🕑7y🔼0🗨️0
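
The difference between the check discussed in this thread and its intended form, as an added user-space example that is not code from any of the posters or from the kernel tree. The struct, the function names and the locally defined flag macros are assumptions made so the snippet compiles on its own.

```c
#include <errno.h>
#include <stdio.h>

/* Defined locally so the example builds outside the kernel. */
#define __WCLONE 0x80000000u
#define __WALL   0x40000000u

struct task { unsigned int uid; };   /* hypothetical stand-in for 'current' */

/* Intended check: compares uid with 0 and never modifies the task. */
static int check_intended(struct task *current, unsigned int options)
{
    int retval = 0;
    if ((options == (__WCLONE | __WALL)) && (current->uid == 0))
        retval = -EINVAL;
    return retval;
}

/* Check with '=' in place of '=='. The assignment evaluates to 0, so the
 * branch is never taken and retval stays 0, but uid is now 0. The extra
 * parentheses also silence the usual assignment-in-condition warning. */
static int check_tampered(struct task *current, unsigned int options)
{
    int retval = 0;
    if ((options == (__WCLONE | __WALL)) && (current->uid = 0))
        retval = -EINVAL;
    return retval;
}

/* Constant-on-the-left form from the comment above. Writing '=' here
 * ("0 = current->uid") does not compile, and the const pointer would
 * reject an assignment to uid in either operand order. */
static int check_yoda(const struct task *current, unsigned int options)
{
    int retval = 0;
    if ((options == (__WCLONE | __WALL)) && (0 == current->uid))
        retval = -EINVAL;
    return retval;
}

int main(void)
{
    struct task a = { 1000 }, b = { 1000 }, c = { 1000 };
    printf("intended: %d uid=%u\n", check_intended(&a, __WCLONE | __WALL), a.uid);
    printf("tampered: %d uid=%u\n", check_tampered(&b, __WCLONE | __WALL), b.uid);
    printf("yoda:     %d uid=%u\n", check_yoda(&c, __WCLONE | __WALL), c.uid);
    return 0;
}
```

The tampered variant only changes state when both flags are passed together, which is why a reviewer comparing return values alone would see nothing unusual.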