Slashdot Mirror
Linus Torvalds Admits He's Been Asked To Insert Backdoor Into Linux
darthcamaro writes "At the Linuxcon conference in New Orleans today, Linus Torvalds joined fellow kernel developers in answering a barrage of questions about Linux development. One question he was asked was whether a government agency had ever asked about inserting a back-door into Linux. Torvalds responded 'no' while shaking his head 'yes,' as the audience broke into spontaneous laughter. Torvalds also admitted that while he as a full life outside of Linux he couldn't imagine his life without it. 'I don't see any project coming along being more interesting to me than Linux,' Torvalds said. 'I couldn't imagine filling the void in my life if I didn't have Linux.'"
*If* such a mechanism was coded in, the nature of open source would mean it would be found by others. This in turn would compromise the trust of the ENTIRE kernel. That trust can take years to build up - but be detroyed in a heartbeat.
We nod our heads for yes and shake them for no.
'linus' is an alias for 'root' on all systems running the kernel since Windo...err, Linux 3.11.
Password for said alias is 'root' (some of the backdoor-accessing programs don't accept blank passwords).
Never know, since it's not possible to look for such backdoors, unless it's open source.
And even IF it was, you'd have to worry about Trusting Trust.
(mostly sarcasm.)
Who cares if he got asked. I can ask for a lot of things too, but what I actually get is what matters. What did the government get?
*If* such a mechanism was coded in, the nature of open source would mean it would be found by others.
The nature of open source means it MAY be found by others. Sure you have a higher chance and an audit trail but you're making multiple assumptions here:
a) The code will be audited, and while this is true for the Linux kernel it may not be true for *insert small open source project with few developers here*.
b) You're relying on the audit to look in the right place, i.e. it's one thing to compromise the Linux network stack, and quite another to compromise *insert convoluted X11 protocol no one has touched in years here*.
c) You're relying on the fact the auditors can actually identify the fault in the code. Given that a backdoor can be inserted as easily as putting a = sign where an == sign belongs and given the quality of entries in the Underhanded C Contest I would say that not nearly every coder is competent at identifying nefarious code. Not to mention the number of exploitable bugs that exist at large.
d) You're assuming the source code matches the binaries, and while people may be routinely looking at your code, the vast majority of projects not built from source are NOT decompiled and checked against their source to see if someone hasn't tainted the binaries.
Having auditable code does not magically make you safe.
Yes, I put in without request.
... can't tell the difference between humour and reality.
Torvalds said no while nodding his head yes is a JOKE people, not a fucking admission. Please, save the tinfoil paranoia for Reddit, and keep the serious tech discussions here.
Reflections on Trusting Trust
One question he was asked was whether a government agency had ever asked about inserting a back-door into Linux. Torvalds responded 'no' while shaking his head 'yes,'
That's actually quite a cunning answer: possibly, regardless of his answer to the back-door request (I hope the answer was something like "No, fuck you"), like others in comparable situations have hinted at, maybe he's being held accountable to some kind of on-going government "Non-disclosure clause" concerning such a request/conversation.
But can body language and gestures be held up to the same legal gagging? I'm sure no legal precedent been held for that yet, and Linus probably is aware of that.
A cunning, cunning way of answering the question.
'I don't see any project coming along being more interesting to me than Linux,' Torvalds said. 'I couldn't imagine filling the void in my life if I didn't have Linux.'"
Isn't it the nature of the US govt to arrest (without means to defend) anyone who does not comply with their (illegal) demands?
If Linus was threatened with his removal from Linux...permanently... and he can't imagine life without Linux.... isn't it time for some serious independent kernel reviews?
Seems we need reminding of this classic by Ken Thompson.
Slip a backdoor into a RHEL 6.x (or any other major Linux distribution) version of GCC and make it do two major things:
1. Slip a backdoor into any Linux kernel it compiles.
2. Replicate itself in any version of GCC it compiles.
Choose some entry point which changes very rarely so the chances of incompatibility with new code is small.
This would probably keep RHEL with any kernel version tainted for generations of releases without very little chance of being spotted, because there are no changes in the distributed source code of either project
Comment removed based on user account deletion
it depends on how it's coded. It's possible to code it in such a way that it's impossible to find by anyone but the person coding it. You gotta trust your programmer as much as you trust your doctor.
Seems we need reminding of this classic by Ken Thompson.
Slip a backdoor into a RHEL 6.x (or any other major Linux distribution) version of GCC and make it do two major things:
1. Slip a backdoor into any Linux kernel it compiles.
2. Replicate itself in any version of GCC it compiles.
Choose some entry point which changes very rarely so the chances of incompatibility with new code is small.
This would probably keep RHEL with any kernel version tainted for generations of releases without very little chance of being spotted, because there are no changes in the distributed source code of either project
Or bugs in the random number generator.
Now Linus can expect visit from the current regime security forces. Many people in the U.S was treated this way. No matter if they had bank accounts, 401K, houses, they were put on the plane and sent home.
When I think about it's not only government forces behaving this way. There are stories about hospitals shipping immigrant patients to the country of their birth.
Imagine when you wake up in some foreign hospital after living in US for 30 years.
The nature of open source means it MAY be found by others. Sure you have a higher chance and an audit trail but you're making multiple assumptions here:
The difference is that with a closed source OS, if the other devs with access to the code find the backdoor, they can be ordered by the company to STFU or lose their jobs. The NSA only needs to compromise (either legally or illegally) the head of the company and that also gets them every single dev with access to the source.
There's no way for even Linus at his most shouty to completely control what other Linux devs discover. (And, as the previous poster noted, that makes it easy for Linus to tip off another dev on the sly to publicly "discover" and patch the "bug", without exposing Linus to legal issues from not cooperating with the NSA.)
Given the difference between "effortless to compromise" and "insanely difficult to compromise", which would you pick as the safest?
Science is all about firing a drunk pig out of a cannon just to see what happens.
Turns out using the username "Joshua" gave me full access to NORAD's network.
Did he comply? We've seen that NSA has pretty solid arguments to force people.
I wonder if anyone actually takes the responsibility to do this check. Maybe there are GCC binaries in the wild which replicate a backdoor.
Random number generator would be the way to go on some projects. Would the users and devs pick it up in time, over time? Be activity looking for an issue like that?
Domestic spying is now "Benign Information Gathering"
I wonder if anonical, SuSE and RH track each others kernels, perhaps to see what the competition is up to, ensure compatibility, and lift useful additions. If so, they would be in a good position to catch suspicious developments, and would have motivation to make it public.
Or would that be too childish
If the Govenrment asked for Linux, then certainly they asked for Windows, and whereas I trust Torvalds, I don't trust Microsoft - not in a nasty way, just in the sense that they're a very large company over whom the Government has a great deal of power and where very large companies typically are not morally motivated. I don't mean that in a nasty sense, I just mean there's so many people, taking a moral stance - e.g. accepting a cost for a benefit you personally do not see - is in practical terms very, very unlikely.
So I think I have to assume there is a backdoor in Windows. In fact, it's hard to imagine anything anyone could say to reassure me. If the NSA said it was not so, I'd laugh. They twist words with the pure purpose of deception. If MS said so, I'd be thinking they were legally compelled, such that they could not even say that uch a request had occurred. The NSA surely now have a problem, in that I absolutely cannot trust their word - and indeed I cannot see how that trust can be re-established. If there was a full disclosure, that would be a start, followed by a credible reform programme. I don't think either even remotely likely; and by that, I rather think the NSA has either sealed its doom, or *our* doom. The NSA has gone too far. Either they will be replaced, in which case the problem is addressed, or, if they are not replaced, then *we* have a problem, because the NSA is too powerful to remove (and violates all privacy and security).
So, what do you know? turns out this *will* hurt MS sales, because now I *have* to move to Linux. I've been thinking about it for a while, but the cost of learning a new system to do only exactly what you can do already means where I'm very busy, it hasn't happened; but now there is a *need* for me to do, privacy.
Along with random number generator checks http://nakedsecurity.sophos.com/2013/09/11/rudest-man-in-linuxdom-rants-about-randomness-we-actually-know-what-we-are-doing-you-dont/?utm_source=Naked+Security+-+Sophos+List&utm_medium=email&utm_campaign=a7340f16d1-naked%252Bsecurity&utm_term=0_31623bb782-a7340f16d1-418465757
The remark: "I couldn't imagine filling the void in my life if I didn't have Linux." is Linus telling us: "They threatened to take Linux away from me so I complied with their demands."?
yeah, he's a "char star" alright. yup.
if you have char-stars you don't care about voids, really.
--
"It is now safe to switch off your computer."
The kernel of any operating system serves software in the same way governments serve the people. Its taking the politcs out of government. The goal is to make the best system which fairly distributes its resources amounst its users/people most efficiantly so that they maximize their utilization. At the same time it is secure enough to withstand unruly users/citizens and out side agressors.
I wonder if anyone actually takes the responsibility to do this check. Maybe there are GCC binaries in the wild which replicate a backdoor.
Even if there were, you need only recompile your gcc source with llvm, icc, visual studio, or basically anything that isn't gcc to get a new compiler that won't replicate the backdoor any more. For extra fun, randomise the order of this compiling that compiling something else so that even backdoor reinsertions that cross the vendor boundary will eventually fail. Or write your own C++ interpreter in Python/Perl/whatever and use it to (very slowly) run gcc on itself - even if it takes a week you'll have a clean binary at the end. Yes, hiding such a backdoor seems scary to the untrained eye. It's also trivial to get rid of if you're paranoid enough to care.
Who originally made these patches? SELinux is rather prevalent in the linux community these days.
Unless it was capable of strong AI on my wimpy computer (which you'd think I'd notice the slow down, *snap* it's GCC, IT IS slow), I doubt very much a backdoored or trojan compiler could slip a backdoor into another compiler.
I can compile pcc, tcc and clang with gcc, and I can compile at least the stage1 of gcc with pcc and clang (probably not with tcc, though I haven't tried).
Sure, you can hide backdoors in things, but you can't do so* without changing timing or storage behavior. The less trivial you make the backdoor, the more easily it is to detect. At some point you have to believe in some kind of massive conspiracy of super-advanced computers embedded in intentionally crippled commercial computers for the backdoors some people talk about to be viable, and the more you learn about semiconductors and photolithography, the less plausible that seems.
* Many of the best-hidden backdoors are not of the type which modify behavior, as that would be easy to detect by reverse engineering, and are instead implemented as deliberate manipulation of timing or energy behavior. They are invisible to normal behavioral (state vector) analysis methods, and more easily disregarded as accidental defects than non-compliant behavior.
It's not their stuff. They don't dive a stuff for trust of the Linux system. Hell, they don't give a stuff for their own workings, look at how not-giving-a-shit they are about the spying done on their orders.
Learned from executives at big companies. They will, like politicians, get a well-paid out and a move to another even better paying job.
A chap can't let a fellow chap be unemployed! It would look like the chap wasn't worth it, and that idea could be contagious!
How about just the UK and France? Both have a "special relationship" with the USA, so can easily be getting the same information on how to snoop on your stuff as the NSA do.
So are you fine with the UK government, a foreighn power, snooping through your e-mails?
No?
THEN WHY THE FUCK IS IT OK FOR THE NSA TO SNOOP THROUGH MINE?
Morons.
You even say of your spying agencies "Well, I expect the agency to be spying on foreigners, but NOT to spy on me!!!". Except where they're spying on you, in which case "It's OK for them to spy on me".
Seems we need reminding of this classic by Ken Thompson... there are no changes in the distributed source code of either project
Someone would have found it with a debugger. Sure, they could change the compiler to insert code into a debugger to hide the patch. But this rapidly gets so complex and error-prone that the bloat would be noticed and it would fail to spot all debuggers and patch them all. It's an interesting theoretical attack, but not practical in the long run.
Use gcc to compile clang..
Use clang to recompile gcc..
Add more compilers to the mix..
The more you do this, the greater the chance of an incompatibility with the backdoor code either resulting in it being removed, or causing unexpected and easily noticed problems.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
If you were asking for a backdoor, and you happened to be a humongous security agency, wouldn't YOU have a lock put on that door? Stop underestimating NSA - you propagate lots of stupid speculation with immature assumptions like this.
jumping on the bandwagon of attacking Linus. But now I have to worry. Anyone who says he doesn't know how he'd survive emotionally without his pet project is a worry. He speaks of the project as a teenager might speak about their first love. It means he might put his emotions ahead of the good of the project. I know many will respond "yeah we knew that", but I think this statement is the perhaps the best evidence yet that they might be right.
work in progress
I just watched the interview on YouTube.
Linus DOES NOT admit he has ever been approached to put in a backdoor. He just makes a joke as his final "no"-statement implies.
This is lousy Twitter-filling populistic media.
He's been really successful at doing what he loves to do, which is an acheivement in itself.
My ism, it's full of beliefs.
I hate people who use char * instead of void * for things like generic buffer handling (e.g. myread()).
Why bother asking Linus to put a backdoor in Linux when it's just easier to ask Intel putting a backdoor in their processors?
Worrying about compromise of the Linux or Windows kernel is foolish - they're so large, they could have anything hidden inside and you'd never find it (searching for such is literally uncomputable). Begin your concerns with the device drivers from who knows where that are put into place by your motherboard BIOS or EFI boot systems. Conventional operating systems are entirely dependent on them, and they're completely beyond your ability to inspect or trust. And the Open Source variations have the same issue as the operating systems - large, monolithic blocks of code impenetrable to analysis.
You fear what you know about. Fear, instead, what you don't.
We should still try to make that hard. However, we should try much harder to avoid mass surveillance.
Someone would have found it with a debugger. Sure, they could change the compiler to insert code into a debugger to hide the patch. But this rapidly gets so complex and error-prone that the bloat would be noticed and it would fail to spot all debuggers and patch them all. It's an interesting theoretical attack, but not practical in the long run.
Not at all. You only apply the "patch" when debugging symbols are off and optimisation is on, which would cover nearly any production build. Even if you left in debugging symbols, you would still have a hard time discovering it with a debugger since optimisation is supposed do change the output.
You would also make it trigger under very special circumstances and as others have pointed out, the error you introduce could be a subtle change of behaviour of the random number generator.
Comment removed based on user account deletion
Let's not forget that there is a lot of "free" firmware that is packaged with "Linux" these days so that mainstream distros will work with a wide range of hardware.... what is it for some government agency to inject code in to that? Since it's not part of the maintained kernel and could be closed source it could contain a back door.
When the code is exposed to the public, open source should always have the trust of the users. I'm not sure if Stallman predicted the fact that governments would try to insert a backdoor, but his ideals should indeed prevent it. I trust open source software, but I do NOT trust closed and proprietary software from Microsoft or Apple. Those two have already been exposed to releasing personal details to governments.
Judges have ruled that the NSA could do these things - when the NSA lied to the judges about what they were doing and how. Some of those judges are pretty pisses off now that they know how the subpoenas were abused, so I wouldn't think think those rulings definitively say what NSA is doing is in fact legal. The judges who made the rulings don't think they approved what was actually going on.
Just for your information, I'm Belgian :-)
Not necessarily : http://www.dwheeler.com/trusting-trust/dissertation/wheeler-trusting-trust-ddc.pdf
What has been snuck past linus and the other code reviewers. Honestly Linus needs to do a call for people to comb through and look specifically for sneaky things. It's not hard to make something look innocent in C but instead it does evil. http://www.ioccc.org/ for example. or more scary... http://underhanded.xcott.com/
Linux needs a security team that is double checked by a team outside the USA so it can be the ONLY OS that can state, "Not compromised by the NSA"
Do not look at laser with remaining good eye.
From TFA:
Torvalds was also asked if he had ever been approached by the U.S. government to insert a backdoor into Linux.
Torvalds responded "no" while shaking his head "yes," as the audience broke into spontaneous laughter.
I.. Um... Well...
Damnit Slashdot.
It's ILLEGAL for the NSA to spy on Americans, and for good reason. That doesn't mean it's OKAY for them to spy on everyone else, but at least it's LEGAL.
As a US citizen, I'd rather China spy on me than the NSA. The reason is because China isn't going to try to "bust" me on a minor and erroneous charge. For example, there is a porn star named Ann Howe aka Melissa who started in porn when she was 20. She looks young, so several people have been busted for "child porn" for having pics of her when she was 20-25 years old. I don't want my government spying on my internet usage because my government will charge me with child porn based on a chick in her twenties. The Chinese government doesn't give a shit what porn I see. Therefore yes, it's less bad for a government to spy on foreigners - even when I am the foreigner.
Think this this is the most salient point in the whole presentation:
The act of breaking into a computer system has to have the same social stigma as breaking into a neighbor's house. It should not matter that the neighbor's door is unlocked.
Time and time again I hear the old argument "Why not,I got nothing to hide" as it relates to computer access and spying. Present the same person with evidence that their house was accessed while they were out, their car was accessed without their permission and watch the reaction (most likely some variation of anger). People need to be taught that their digital world is just as tangible, just as important as their physical world.
Two questions that would great to put in front of world citizens today,
1 - How would you feel if the government went into your home every day without permission and looked through all your personal property, making copies of all your personal information
2 - How would you feel if the government accessed your personal computer, phone calls, emails, chats, and texts every day, making copies of everything you express and saving it for an unknown length of time?
When outrage is balanced between both is when the people will be able to make a change..
(That was a great read and while just a lowly Programmer, I was fascinated by what Mr. Thompson presented even as I realized there would be no way for me to ever know or change such a situation.)
Life is a great ride, the vehicle doesn't matter
I agree with your general reasoning. They could have forced ALL the major C++ compiler projects/vendors by means of NSL, though.
A nation state such as France or Russia can only be safe by building their own C++ compiler (which is capable of compiling the kernel and gcc) and that's quite a challenge, even to them.
If a judge feels he was deliberately misled, then he could issue a bench warrant for the arrest of the person who misled him. He could put the man on the stand and compel his testimony.
Apparently, the judges are only pissed enough to say they are pissed.
I hate people who use char * instead of void * for things like generic buffer handling (e.g. myread()).
Wow, your judgment of a person is contingent on a surprisingly small detail!
Just kidding. It bugs me too. The problem is that programmers aren't always great about differentiating between different levels of abstraction. I.e., calling something "binary data" in contrast to something else. It's all binary data. The question is whether or not you know how to interpret it at a level any higher than "a sequence of bits".
As opposed to planned laughter?
Good grief. The European, Russian, Arab, Chinese, et al, are all pushing to monitor everything that goes on the wire. Look at the "Great Fire-Wall of China". There are plenty of Easter Europeans that commit code to open source projects. Are you assuming Russia, et al don't put in traps and back doors? The West Europeans are no better. The UK, for instance, has one of the densest CCTV networks in the world.
In reality, slipping a backdoor into Linux is much easier: just code it into a proprietary wireless firmware blob which is already a part of the (non-free) kernel distributed at linux.org. The mal-firmware can then spy and report directly from the network card, or use DMA to elevate itself to ring 0 on the main CPU. What makes this scenario most FUN is the sheer likelihood of such a backdoor being in place RIGHT NOW, within the official Linux git repo, since no approval or knowledge by Linus would be required to slip it in.
Yah. Would be practical in the ultimate monoculture scenario, if everyone was coerced into running the same exact OS and kernel and dev stack, but not if the software is free and people are free to study it and use it any way they want.
No amount of cryptography can make any computer secure. Unless you design and build the hardware and develop all of the software that runs on that hardware, any form of "security" is based on trusting the people who provided the components you did not build yourself. This includes by extension, all of their employees, subcontractors, and vendors that they employ.
Good point, although the changeover should be obvious if somebody compiles from the (presumably clean) source and gets a ~significantly different executable. And since they mirror/repo all that stuff, I would think a few vigilant people would be enough to catch it.
Unity? Screw that: XFCE. Slashdot Beta? Screw that: SoylentNews. Australis? Screw that: Pale Moon. UX developers DIAF
It’s not the fact that they have access to your machine that’s an issue (in your opinion at least). Think about how many times you’ve gone through life making bad choices based on inaccurate data. You purchased that car because a friend told you it was so great only to be a lemon. Went out with that friend of a friend because someone said you were a perfect match. Wrote that line of code thinking that will fix the program, only to produce inaccurate results.
Now think about the NSA dealing with Humans (Programmers, analyst, and you and me) working with terabytes of data points. Are you still comfortable with being able to defend yourself if one of those people makes a mistake? Remember others are using the same data but hiding where the data came from Are you still sure your OK with the NSA snooping through your hard drive while making life altering choices about you? I read a quote somewhere where someone said “Give me the hard drive of mother Teresa PC and I can make her out to be the world’s worst criminal in 30min.” comforting thought. Are you still OK with them looking at your PC?
let's play a game
Not at all. You only apply the "patch" when debugging symbols are off and optimisation is on, which would cover nearly any production build. Even if you left in debugging symbols, you would still have a hard time discovering it with a debugger since optimisation is supposed do change the output.
So you compile the compiler in debug mode (no patch), use that build to compile it again in normal mode, and the patch is gone. Problem solved. In any case, I didn't mean "compiled in debug mode", I mean an external debug tool that can hex dump and disassemble.
Just for your information, I'm Belgian :-)
Oh no! Everyone, quick, look for a dead body. There must be one around here somewhere.
If you think I voted for Trump because of this post, you're wrong. I voted for Dr. Jill Stein of the Green Party. Again.
Pet peeve alert:
You don't shake your head 'yes', you nod your head 'yes'. Shaking your head indicates 'no'.
Higher Logics: where programming meets science.
Plus, over the course of a lifetime, the "you"s change.
Except in Australia, where (I am appalled to say) the term "youse" means a plurality of "you"s. [Sigh. For the information of the illiter8 ba5tards among us, "you" is the second-person plural form as opposed to the now obsolete first-person "thou". The latter is still good for Shakespearian insults, though, e.g. "thou remnant!"]
But did he comply with the request?
Watch the video. http://www.youtube.com/watch?v=84Sx0E13gAo&t=1456
He was CLEARLY joking. After the "yes" nod, he smiles and actually says "no." He didn't admit to anything. He was just trying to be funny.
Why is it so hard to take things in their full context?
From the description of the study, it seems to me that people who have formed an opinion won't change it just because they see a single piece of potentially falsified or misleading evidence. For example (looking at one of the experiments), if someone has an opinion on joblessness in the US - which might bring in factors of job stability, hours worked or attainment of a living wage - seeing a single graph on number of employed people in recent years does not allow us to conclude that joblessness has been reduced under Obama, unless you have a very primitive interpretation of "joblessness".
The only damning conclusion is that some academics are so arrogant that they assume test subjects must be faulty if they don't immediately believe the academic's interpretation of some data presented to them.
Learning math, and being shown that an equation is incorrect, one readily accepts that. Things like unemployment, climate change, etc., aren't about concrete objective things, but instead are really various facets of one's ideology. Ideology, like religion is hard to change and pretty much for the same reason. It is not based on knowledge, but instead on belief.
That can be good or bad, depending on how it is used, but most often, it turns out to be bad. Ideologies often force us to characterize others by stereotypes, not individuals. What is happening in the US Congress and many parts of the world politically, is all based on people holding on to their ideologies and not not listening to the other side. Holding to ideologies instead of the underlying principles leads to the notion of if you aren't with me you are against me and that ultimately leads to disaster for a society by concentrating the power in the hands of a few at the expense of many.
One thing is for certain, you don't change people's ideology with facts. Facts appeal to the rational, logical part of our psyche. Ideology, on the other hand is an emotional response and like love is often anything but logical.
looks like a bug: http://www.theregister.co.uk/2010/12/15/openbsd_backdoor_claim/
But he is forbidden to talk about it and has to communicate it this way. Reminds me of the proposal to publish your pgp key with the note "this key has not been compromised". When thr government demand the key you remove the note.
Not at all. You only apply the "patch" when debugging symbols are off and optimisation is on, which would cover nearly any production build. Even if you left in debugging symbols, you would still have a hard time discovering it with a debugger since optimisation is supposed do change the output.
You would also make it trigger under very special circumstances and as others have pointed out, the error you introduce could be a subtle change of behaviour of the random number generator.
If you did that, the backdoor would disappear over the course of time whenever someone released a production compiler that was compiled with a debugging-symbol version of the same compiler. (This is a lot more likely than it seems; the people who actually develop compilers, and thus compile them, are likely to have debugging symbols on for their compilers as a matter of course, because they frequently make changes that break them.)
(1)DOCOMEFROM!2~.2'~#1WHILE:1<-"'?.1$.2'~'"':1/.1$.2'~#0"$#65535'"$"'"'&.1$.2'~'#0$#65535'"$#0'~#32767$#1"
BOW-CHICKA WOWWOW
Yeah, BUT.
We know from Ken Thompson's talk at the 1984 ACM that it's possible to deliver a system (compiler, kernel & userland binaries, etc.) with source code for the compiler, kernel and userland where the system is compromised and will remain so after a rebuild of all binaries from source, even if the source itself does not contain a compromise. So it's perfectly possible that the Linux kernel is currently compromised and there's no way we would know.
See: http://cm.bell-labs.com/who/ken/trust.html
The Windows update mechanism is a huge backdoor: any code can be introduced onto your machine at any time. And pushing a compromise as a "special" update is far better than distributing it to everyone, since it makes detection much less likely.
We could call it kernel-open-OPEN -source-for-all-you-douchebags-this-ones-for-you-rc1 or something
WARNING: Smartphones have side effects--most of them undocumented.
The article doesn't say.
I C what you are doing here...
Torvalds said no while nodding his head yes is a JOKE people, not a fucking admission.
I agree it is a joke but making a joke does not mean there is nothing serious being communicated. The best jokes are usually about topics that are very serious. Maybe it was a joke and nothing more (I certainly hope so) but without more information you cannot actually be certain either way. If he was asked to put a back door in that would hardly be a surprising revelation.
Please, save the tinfoil paranoia for Reddit, and keep the serious tech discussions here.
You think the idea of a backdoor in linux is not a serious tech topic? Besides it's only paranoia if "they" are not actually after you. Recent revelations about the NSA and other government activities clearly demonstrates that being concerned over government snooping is actually quite reasonable.
I have been pulled over for going the speed limit. Probable cause, "Your driving was suspicious. Nobody drives the speed limit around here.". No way to win.
Exactly. Back in the bad-old-days when I used to compile gcc a lot, it came with a stage 1 compiler, which was simple enough to be compatible with a wide range of system cc's but strong enough to compile stage 2, which was then strong enough to compile all of gcc.
I don't know if clang has the same approach (or, heck, if gcc even does still) but the approach is straightforward. I was a bit disappointed to see that FreeBSD went from a two-compiler standard to a single-compiler standard for this very reason.
The other added advantage of the 3-layer approach, is that if you can audit the stage 1 compiler, that should be sufficient for checking for Trusting-Trust attacks. If you ever suspect that "all" of the compilers have been compromised, you need "only" write a new basic c compiler that can compile gcc stage 1. If you don't ever have to worry about doing optimizations, it's something that can be done as a university-level project.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
Sure they _could_, but since the people who misled the judges were representatives of an agency, engaging in the agency's business as directed by their superiors, it's better that the agency and it's leaders are held accountable. For now, there are congressional hearings going on handling the matter through the political process, with congresscritters feeling public pressure. As a general rule, judges don't like to single-handedly usurp the public political process. Of course the Supreme Court from time to time has to rule on cases involving politically disputed issues, but lower courts generally shouldn't.
If, through the process of congressional hearings and such, it becomes clear that specific people committed perjury, that would be time for courts to convict certain people, after the public has made decisions through their elected representatives.
So the solution is fairly straightforward. Take llvm and BSD and compile Linux and GCC with it. Then test the output of compiling those same two things with the resulting compilers. If (bsd:llvm(linux:gcc))(linux:gcc) produces different output than (linux:gcc(linux:gcc))(linux:gcc) you have a big problem, but you know that you have it.
He was saying "no" because of the gag order, and nodding his head to say "yes, there is one."
There is more risk of being caught implanting a bug in Linux :
Imagine you send Linus, Alan Cox, etc. an NSL telling him to implant some bug himself. What could go wrong?
First, Linus is famous. Are you going to lock him up for violating the NSL and telling everyone about it? Even if he doesn't violate it, he could obtain the resources for a court fight by merely hinting. NSLs aren't usually challenged, but several lost in court.
Second, Linus could quietly tell another kernel developer or security researcher who then "discovers" the bug. Again, you cannot prosecute Linus himself so easily because he's famous. In fact, any court case eventually exposes that you're inserting backdoors, which makes a mess.
You might attempt this through another less famous kernel developer, but his patches likely receive more review, and he could still quietly leak the bug.
So what do you do? Just make the patch as useful as possible, make the insecurity created a subtle and plausibly deniable as possible, and submit the patch through extremely public channels. Don't involve crazy unpredictable developer types if at all possible. That's how you minimize your chances of exposing your backdoor program.
The Christian religion has been and still is the principal enemy of moral progress in the world. -- Bertrand Russell
It's an interesting theoretical attack, but not practical in the long run.
Maybe the Linux kernel running Slashdot inserted this comment?
Linux is a philosophy. Windows is a product created and sold by a company headquartered and registered in the United States, and as such, is subject to all laws and regulations of the U.S. Government.
Of course Windows contains back doors for law enforcement and intelligence authorities. Why should this be so surprising?
I have theorized for decades that the "zero day exploits" that hackers keep finding in Microsoft Windows are merely security holes created for government agencies. By dumb luck or determination, skilled hackers stumble across those exploits. Microsoft hires talented coders and engineers, and some of the security flaws revealed in Windows exploits are simply too egregious to be explained as "sloppy coding."
THIS SPACE INTENTIONALLY LEFT BLANK.
Fully Countering Trusting Trust Through Diverse Double-Compiling
Fully Countering Trusting Trust Through Diverse Double-Compiling
Fully Countering Trusting Trust Through Diverse Double-Compiling
It's not feasible for a general attack, but it's still possible with a targetted attack. Still, I wouldn't look there. Intel and other microprocessor makers are a much easier target. In fact, that's one of the things that came out in Snowden's documents. The NSA asked one of the companies to put a backdoor into hardware that was being shipped to the government of another country.
"If a nation expects to be ignorant and free in a state of civilization, it expects what never was and never will be."
Not generic enough. Not everybody has a card that needs a 'binary blob'. Those with something to hide would soon enough pay extra for such machines.
https://www.youtube.com/watch?feature=player_embedded&v=84Sx0E13gAo
Heres the video. Set it @ 24 minutes 15 seconds.
has anyone done something like this yet ? are there any links ?
it would be cool to see gentoo work this in somehow
What I'd like to know is what Linus' answer was to the logical follow-up question "Why did you not make this fact publicly known when it happened?" And as long as I don't hear a satisfying answer to that one, I'm going to trust Linus and Linux just as far as I can chuck my copy of Windows XP.
OK, so Linus tells the NSA to bug off. But what about the distros? Doesn't Red Hat do a fair amount of business with the US government? Would the government be in a position to pressure Red Hat to put in a back-door? Red Hat releases binary RPMs and the corresponding source SRPMs. But how do we know that a binary RPM for RHEL is not a "modified" version of what is in the source? I suppose we can all just go and compile our kernels from the kernel.org sources to be safe.
The problem is only solved if anyone does this. Scratch that, everyone does this.
Good luck getting 80 million people to do with with no way to know if it would solve their backdoor problem.
Troll is not a replacement for I disagree.
David A. Wheeler demonstrated how to defeat such an attack. See: http://www.dwheeler.com/trusting-trust/
How far away do you live from Aristotle's birth place?
This space for rent
I'm still confounded by it. I don't sign my credit cards either, who wants to come after me for that? Fuck and least the credit card thing makes sense.
My court date is in October. I may opt to write in because for the life of me I don't believe I could do anything else but yell at the judge, "WHY THE FUCKING HELL AM I HERE!?"
I'm pretty sure that wouldn't turn out well for me.
I don't say that as a joke either. The average child includes the young form of people who grow up reasonable. The group you just referred to does not. My point is: the average child will behave more rationally, reasonably or for the common good than the average adult in a position of authority.
It would only disappear temporarily until you again used the malign production compiler to compile a new production version of the compiler.
If you compile the next production compiler with the last development compiler (which in turn has been compiled with the previous iteration of development compiler) you risk spreading bugs which aren't actually in the source code of the compiler anymore. This carries it's own problems. You also risk making the next stable version of GCC impossible to compile with the previous stable version of GCC.
Without knowing this for sure, I would strongly suspect that the final production version of the RHEL 7.x GCC compiler is actually compiled with the last production version of the RHEL 6.x compiler.
There are a lot of interesting solutions to this problem in the thread following my post, but none of them actually contain any evidence that any of these solutions are actually used by Red Hat, Debian, Canonical, etc.
The problem is only solved if anyone does this. Scratch that, everyone does this.
Bingo!
"I mean an external debug tool that can hex dump and disassemble."
Good luck with that. We're talking about millions of code lines resulting in even more millions of lines of assembly, which has been automatically optimised and thus aren't exactly the same as the direct translation of the C++ code to assembler. Furthermore, you have to do this without knowing what you are looking for, or even if anything wrong exists. Debugging the Linux kernel to find the problem would be near impossible, because you'd have to actually match the exact conditions the backdoor appears in order to find it in the debugger.
Debugging the compiler would be your best bet and theoretically you could quite easily match the conditions in compiling the new production version of GCC, but you'd have to go through it step by step to figure out whether it is doing the expected thing for your optimisation level.
You may as well just study the disassembled code line by line to work out if it is the expected output from compiling the new version of GCC with the exact version of GCC you already have.
Ubuntu is not based in the US.
Have you ever tried compiling gcc from source using Visual Studio?? Thought not.
And have them roll on their superiors who often have powerful friends and/or "clean" public personae.
but they don't need to know that!
this was of course very cute and funny, but what about the backdoor? did he comply with the request?
Just say 'no'. And tell them to f--k off while you're at it.
I suspect you mean (from TFA):
"Torvalds responded "no" while nodding his head "yes," as the audience broke into spontaneous laughter"
Fooks sake!
Question is why do these technological advances always come out of the United States? It seems that if Linux originated say in Germany there wouldn't be much of a problem with the NSA demanding a back door.
But so much of our technology is tied to the US, and government regulations that it seems inevitable that all the popular software we use has been compromised. Which raises the question that if the NSA can access any computer, what makes us think that hackers have not found the same back doors?
-Gel214th
Read this for a theoretical possibility how backdoors could go unnoticed in open-source based systems: http://en.wikipedia.org/wiki/Backdoor_(computing)#Reflections_on_Trusting_Trust
If the coder follows decent standards and comments his code then there is no probably!
Well, it's easier than compiling Visual Studio from source using gcc...
My response to this is, "so using that argument, can you tell me if anyone has ever been jailed for a crime they did not commit?"
I'm so glad that I live in a world with Open Source, Creative Commons, and the GNU and also Linux projects exist.
I wonder if the Spooks could be sued for Copyright Infringement if they spy on people?
What if I wrote the login code in assembler and then linked it in.
Would the linker then need to be made to recognize that the machine code was login code and patch it?
Betcha can't.