:: Re: [DNG] A Devuan kernel?
Página Principal
Delete this message
Reply to this message
Autor: Alessandro Selli
Data:  
Para: dng
Assunto: Re: [DNG] A Devuan kernel?
On Wed, 18 Jul 2018 at 00:33:45 +0200
Adam Borowski <kilobyte@???> wrote:

> On Tue, Jul 17, 2018 at 11:21:15PM +0200, Alessandro Selli wrote:
>> My point is that the chances there is a backdoor in the Linux kernel
>> are about as high as the chances tomorrow an alien ship abducts the
>> world's leaders to take them captive to another solar system
>
> Actually, it's pretty likely some odd driver has a limited backdoor (aka an
> intentional exploitable bug),


$ test backdoor = bug && echo "The NSA's got us!" || echo Bullshit
Bullshit
$

> and 99.999% chance there's a number of
> unintentional bugs the NSA, GRU and so on know of but don't let the public
> know, saving them for high-value targets.


Ok. How many were there that were ever exploited?

> Then there are local exploits.


Why do you keep shifting the topic?

[...]

> Same for other USB subsystems. All it takes is a device on the other end of
> the USB cable to identify itself as a 1997 Mattel Sidewinder joystick or
> such, whose driver has slightly inadequate input validation, to exploit a
> locked machine.
>
> Or so on, so on...


No one ever claimed Linux to be bullet-proof in all circumstances.
Linus knows that, Kroah-Hartman knows that and so on, so on...
What is being refuted is the claim that someone might have intentionally
inserted a backdoor into the Linux kernel code and nobody else noticed.
That's 99.999% unlikely. There are easier ways to compromise a Linux box,
e.g. via the hardware and related sw (firmware, ME etc.)

>> that there's no way we, or any single minor distro devs, could make the
>> kernel any more secure than it currently is and that trying to do it would
>> drain a huge amount of resources
>
> Minor distributions should follow the rule:
> "Do one thing and do it well."
>
> Choosing secure defaults is in scope, but searching for backdoors is not.


It depends. Auditing /sbin/init could be done. It's small, it does few
things and it seldom changes. Just the opposite of the kernel.


Alessandro