On 09/07/18 15:59, Jimmy Johnson wrote:
> On 07/09/2018 04:17 AM, KatolaZ wrote:
>> On Mon, Jul 09, 2018 at 04:02:23AM -0700, Jimmy Johnson wrote:
>>> On 07/09/2018 03:53 AM, KatolaZ wrote:
>>>> On Mon, Jul 09, 2018 at 03:42:40AM -0700, Jimmy Johnson wrote:
>>>>
>>>> [cut]
>>>>
>>>>>
>>>>>
>>>>> Well some of those kernel experts are saying you need to check
>>>>> your kernel.
>>>>> Also how you respond to this thread speaks volumes.
>>>>
>>>> Please, share some relevant links then, and let us understand what you
>>>> are talking about.
>>>>
>>>> If you keep mentioning unspecified "kernel experts" and what they have
>>>> allegedly said about the Linux kernel without providing any evidence
>>>> for your claims, your posts can be easily misinterpreted by a
>>>> distracted reader as FUD.
>>>
>>> It's simple, because they can't say any more than Linus can, you are
>>> not
>>> being helpful and I will now stop replying to your unhelpful post.
>>>
>>> What you can do is look for malware, do some investigative research,
>>> just
>>> educate yourself, what I know is out there for all to read.
>>>
>>
>> So if those "kernel experts" are not saying more than Linus can say,
>> how comes that you got to know what they haven't dare to say to
>> anybody else? o_O
>>
>> I guess we should all educate ourselves in substantiating our claims
>> with facts, instead of throwing stones at random.
>>
>> I have had the opportunity to read through several parts of the Linux
>> kernel in the past, mostly related to networking, scheduling, and
>> vfs. Once I had to modify the vfs layer to trasparently include
>> symmetric encryption for all the supported FS. I guess it was 2.4 or
>> 2.6. Another time I developed a full soft real-time stack for ad-hoc
>> sensor networking (that was definitely 2.6). I also had the
>> opportunity to develop several custom device drivers, back in the
>> days, and even to do some reverse-engineering on a few "closed"
>> drivers.
>
>
> [PDF]D-Bus in the Kernel - LinuxCon 2014, Tokyo, Japan
>
> https://events.static.linuxfound.org/sites/events/files/slides/linuxconjapan2014.pdf
>
>
> GitHub - "dbus-like" code for the Linux kernel
>  https://github.com/gregkh/kdbus
>
> OutlawCountry exploit - What this won't tell you is that it was
> created for the CIA and first tested in Fedora, was designed to read
> windows file servers. they got caught.
>  https://access.redhat.com/solutions/3099221
>
> Today Linux is pretty much owned by the NSA, including it's
> developers, not many educated eyes out there anymore to spot and
> report malware. Things have changed.
>
>> I can't say I have examined all that stuff in detail, but I think I
>> have a very rough idea of what is going on under the hood. And what I
>> saw is that the Linux kernel is in general very easy to read and to
>> understand. Hence my conclusion: if anything wrong was there, we would
>> most probably know already.
>
>
> KatolaZ, I came looking for help. Reading a linux kernel requires
> knowledge of software engineering, I don't have that knowledge or
> experience, even if I open kernel source I would have no idea what I
> was looking at.  I just want to know if dbus or any other exploit is
> in the kernel. And/or can we have are own kernel?
>
> Thanks,

What do you mean by 'having our own kernel' ?

Read 'Linux From Scratch' and compile your own kernel - or use gentoo.

Now if you mean our very own kernel with little or nothing from
kernel.org, then no. Not happening.  It would be 100 times more work
than creating devuan.

If backdoors in the linux kernel bother you I suggest your try one of
the BSDs. But to what extent is the irascible Theo de Raadt in the
pocket of the NSA too?

DaveT