With careful planning though, with the ability to rootkit any Linux kernel it compiles that in turn hot-patches any gcc compilations and so on, with the ability to re-route system calls to hide itself... it could be very, very hard to detect.
Even more so if such a thing were deployed in a couple of target CI/CD systems.
Bootstrappable builds are the only path to prove such an attack did not happen.