Posted by Sebastian G. on August 22, 2007, 9:29 am
plenty560@yahoo.com wrote:
> On Aug 21, 10:51 am, et...@FreeNet.Carleton.CA (Michael Black) wrote:
>
>> It's the "NSA patch", that's like a trojan horse because it's promoted
>> as adding security to the kernel. So the believer adds the patch, and
>> whamo! they're hooked into the NSA's secret sub-net, passing their secrets
>> directly to the NSA.
>
> The way it was phrased I assumed that the patch
> had made it into the kernel tarball, but if not then
> that's fine.
>
> However, I suppose it is conceivable that some spook
> has infiltrated the Linux project and has placed clever
> vulnerabilities into the kernel. Is there any evidence of that?
We've seen a
    if (UID = 0 || GID = 0) {
        // do something
    }
but this was detected and removed two days later.
However, for C and other highly complex languages with a lot of undefined
behaviour it is comparably easy to insert a vulnerability that only the
author can recognize.
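
The effect of the '=' versus '==' pattern mentioned in the post above, as an added example that is not part of the original post and is not kernel code. The struct and function names are hypothetical, and each assignment is parenthesized so the flawed form compiles as C.

```c
#include <stdio.h>

/* Hypothetical stand-in for a process credential record (assumption). */
struct cred { unsigned uid; unsigned gid; };

/* Pattern from the post: '=' where '==' was meant. Each assignment yields 0,
 * so the condition is always false and the branch never runs, yet both IDs
 * are overwritten with 0 as a side effect of evaluating the condition. */
static int flawed_is_root(struct cred *c)
{
    if ((c->uid = 0) || (c->gid = 0))
        return 1;
    return 0;
}

/* Intended check: comparison only. Taking a const pointer turns any
 * accidental or deliberate write in the condition into a compile error. */
static int checked_is_root(const struct cred *c)
{
    if (c->uid == 0 || c->gid == 0)
        return 1;
    return 0;
}

/* Returns the uid left behind after the flawed check has run once. */
static unsigned uid_after_flawed(unsigned uid, unsigned gid)
{
    struct cred c = { uid, gid };
    (void)flawed_is_root(&c);
    return c.uid;
}

int main(void)
{
    struct cred user = { 1000, 1000 };   /* constructed sample values */
    printf("checked: root=%d uid=%u\n", checked_is_root(&user), user.uid);
    printf("flawed:  uid afterwards=%u\n", uid_after_flawed(1000, 1000));
    return 0;
}
```

GCC and Clang flag an assignment used directly as a condition under -Wparentheses (part of -Wall), but an extra pair of parentheses silences that warning, so review tooling should also treat any write inside a condition on credential fields as suspicious.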