On Wed, 18 Jul 2018 at 00:33:45 +0200 Adam Borowski <kilob...@angband.pl> wrote:
> On Tue, Jul 17, 2018 at 11:21:15PM +0200, Alessandro Selli wrote:
>> My point is that the chances there is a backdoor in the Linux kernel
>> are about as high as the chances tomorrow an alien ship abducts the
>> world's leaders to take them captive to another solar system
>
> Actually, it's pretty likely some odd driver has a limited backdoor (aka an
> intentional exploitable bug),

$ test backdoor = bug && echo "The NSA's got us!" || echo Bullshit
Bullshit
$

> and 99.999% chance there's a number of
> unintentional bugs the NSA, GRU and so on know of but don't let the public
> know, saving them for high-value targets.

Ok. How many were there that were ever exploited?

> Then there are local exploits.

Why do you keep shifting the topic?

[...]

> Same for other USB subsystems. All it takes is a device on the other end of
> the USB cable to identify itself as a 1997 Mattel Sidewinder joystick or
> such, whose driver has slightly inadequate input validation, to exploit a
> locked machine.
>
> Or so on, so on...

No one ever claimed Linux to be bullet-proof in all circumstances. Linus knows that, Kroah-Hartman knows that and so on, so on... What is being refuted is the claim that someone might have intentionally inserted a backdoor into the Linux kernel code and nobody else noticed. That's 99.999% unlikely. There are easier ways to compromise a Linux box, e.g. via the hardware and related sw (firmware, ME etc.)

>> that there's no way we, or any single minor distro devs, could make the
>> kernel any more secure than it currently is and that trying to do it would
>> drain a huge amount of resources
>
> Minor distributions should follow the rule:
> "Do one thing and do it well."
>
> Choosing secure defaults is in scope, but searching for backdoors is not.

It depends. Auditing /sbin/init could be done. It's small, it does few things and it seldom changes. Just the opposite of the kernel.

Alessandro
_______________________________________________
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng