On 09/07/18 15:59, Jimmy Johnson wrote:
On 07/09/2018 04:17 AM, KatolaZ wrote:
On Mon, Jul 09, 2018 at 04:02:23AM -0700, Jimmy Johnson wrote:
On 07/09/2018 03:53 AM, KatolaZ wrote:
On Mon, Jul 09, 2018 at 03:42:40AM -0700, Jimmy Johnson wrote:
[cut]
Well some of those kernel experts are saying you need to check
your kernel.
Also how you respond to this thread speaks volumes.
Please, share some relevant links then, and let us understand what you
are talking about.
If you keep mentioning unspecified "kernel experts" and what they have
allegedly said about the Linux kernel without providing any evidence
for your claims, your posts can be easily misinterpreted by a
distracted reader as FUD.
It's simple, because they can't say any more than Linus can, you are
not
being helpful and I will now stop replying to your unhelpful post.
What you can do is look for malware, do some investigative research,
just
educate yourself, what I know is out there for all to read.
So if those "kernel experts" are not saying more than Linus can say,
how comes that you got to know what they haven't dare to say to
anybody else? o_O
I guess we should all educate ourselves in substantiating our claims
with facts, instead of throwing stones at random.
I have had the opportunity to read through several parts of the Linux
kernel in the past, mostly related to networking, scheduling, and
vfs. Once I had to modify the vfs layer to trasparently include
symmetric encryption for all the supported FS. I guess it was 2.4 or
2.6. Another time I developed a full soft real-time stack for ad-hoc
sensor networking (that was definitely 2.6). I also had the
opportunity to develop several custom device drivers, back in the
days, and even to do some reverse-engineering on a few "closed"
drivers.
[PDF]D-Bus in the Kernel - LinuxCon 2014, Tokyo, Japan
https://events.static.linuxfound.org/sites/events/files/slides/linuxconjapan2014.pdf
GitHub - "dbus-like" code for the Linux kernel
https://github.com/gregkh/kdbus
OutlawCountry exploit - What this won't tell you is that it was
created for the CIA and first tested in Fedora, was designed to read
windows file servers. they got caught.
https://access.redhat.com/solutions/3099221
Today Linux is pretty much owned by the NSA, including it's
developers, not many educated eyes out there anymore to spot and
report malware. Things have changed.
I can't say I have examined all that stuff in detail, but I think I
have a very rough idea of what is going on under the hood. And what I
saw is that the Linux kernel is in general very easy to read and to
understand. Hence my conclusion: if anything wrong was there, we would
most probably know already.
KatolaZ, I came looking for help. Reading a linux kernel requires
knowledge of software engineering, I don't have that knowledge or
experience, even if I open kernel source I would have no idea what I
was looking at. I just want to know if dbus or any other exploit is
in the kernel. And/or can we have are own kernel?
Thanks,
What do you mean by 'having our own kernel' ?
Read 'Linux From Scratch' and compile your own kernel - or use gentoo.
Now if you mean our very own kernel with little or nothing from
kernel.org, then no. Not happening. It would be 100 times more work
than creating devuan.
If backdoors in the linux kernel bother you I suggest your try one of
the BSDs. But to what extent is the irascible Theo de Raadt in the
pocket of the NSA too?
DaveT
_______________________________________________
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
