Backdoors in Linux?

Issues and / or general discussion relating to Puppy

Moderator: Forum moderators

Post Reply
Mike3
Posts: 112
Joined: Fri Aug 28, 2020 1:26 pm
Been thanked: 1 time

Backdoors in Linux?

Post by Mike3 »

So, I read some articles regarding backdoors into Linux.

Here it states that there was a security issue in kernels: 5.10-rc4, 5.4.66, and 5.9.8:

https://www.zdnet.com/article/linux-ker ... ck-memory/

So were earlier and later kernels affected or are the in the clear?

And then I read that NSA put things into the openSSL :( :x

https://forums.linuxmint.com/viewtopic.php?t=214987

And it states kernels 3.8 and higher are affected, but then someone wrote that it has been fixed. So If I use a kernel between 3.10 and 5.xx should I be fine? Or do I have to fix it?

https://www.cyberciti.biz/faq/linux-cve ... aNycGzNBlE

Apparently also a company connected to Huawei put in some buggy code that could be used to spy I read also.

But isn't it very hard to put things into Linux that are backdoors and spyware since it is open source and hence the code can be seen by anyone.

https://www.quora.com/Does-the-NSA-have ... r-to-Linux

And some people at a university at a Spanish university said grub2 could be compromised by hitting enter like 24 times I read.

And some dude write: "I attended a presentation a few years ago, where the presenter claimed that a significant number of patches to OpenSSL/SSH originated at the NSA. OpenSSL/SSH is the package providing security for most Linux machines."

What?

User avatar
GMBudwrench
Posts: 98
Joined: Tue Feb 23, 2021 3:19 am
Has thanked: 14 times
Been thanked: 22 times

Re: Backdoors in Linux?

Post by GMBudwrench »

https://www.theverge.com/2021/4/22/2239 ... n-research

Someone posted about this ^^^^^ earlier this year. The particular kernel was pulled off and replaced by a different version, by Oz, if I'm not mistaken.

HP G71 Wins10 64 bit, 2.2ghz 320gb hdd, Bionicpup64 on a WD 500gb portable HDD.

Mike3
Posts: 112
Joined: Fri Aug 28, 2020 1:26 pm
Been thanked: 1 time

Re: Backdoors in Linux?

Post by Mike3 »

But now it seems NSA has it code in all Linux kernels. This would be through the SELinux thing, which they originated and according to wikipedia:

The NSA, the original primary developer of SELinux, released the first version to the open source development community under the GNU GPL on December 22, 2000.[6] The software was merged into the mainline Linux kernel 2.6.0-test3, released on 8 August 2003

And then it seems the NSA helped write code for the Android OS:

https://qz.com/102346/no-wonder-china-i ... urce-code/

I mean it is possible that NSA actually did something good that is not spyware but wouldn't it be better if someone rewrote that part of the kernel I mean there must be people around with knowledge on how to make kernels secure and all that.

And if someone did that, could we have an app or script or thing to exchange the NSA code in existing kernels or something?

Also I read that it loggs info, does that mean it stores stuff?

Considering that SELinux is a kernel module, it can log everything — all allowed and denied requests. Detailed logging is also required to troubleshoot issues. It is important to define logging requirements and tune the system to reduce performance impact.
[/quite]

From here:

https://capsule8.com/blog/selinux-a-boon-or-bane/

Last edited by Mike3 on Thu Dec 16, 2021 4:29 pm, edited 1 time in total.
backi
Posts: 600
Joined: Thu Jul 23, 2020 2:28 pm
Has thanked: 76 times
Been thanked: 70 times

Re: Backdoors in Linux?

Post by backi »

I anyway always thought even Linus Thorwald is most probably Member of the "Club".
Controlled Opposition .......The famous good Cop ( Linus Thorwald )....bad Cop (Bill Gates) Game.
There is no such Thing as "Privacy".......mere Illusion.

Last edited by backi on Thu Dec 16, 2021 4:40 pm, edited 2 times in total.
Feek
Posts: 398
Joined: Sun Oct 18, 2020 8:48 am
Location: cze
Has thanked: 54 times
Been thanked: 90 times

Re: Backdoors in Linux?

Post by Feek »

Positive on it is that they are only articles.
I didn't find a mention that a specific user(s) would get into trouble.

User avatar
Phoenix
Posts: 341
Joined: Fri Feb 12, 2021 2:03 am
Location: Canada
Has thanked: 4 times
Been thanked: 48 times

Re: Backdoors in Linux?

Post by Phoenix »

The post about Linus being approached by the NSA isn't true. It's a misunderstanding at a conference where when asked, Linux said no, while nodding yes.
Additionally, NSA has to open-source to make any commits to the linux kernel, or to even have it be used the the majority of the community. Be rest assured that the code contributed has been scrutinized and looked at, many times over.

IRC: firepup | Time to hack Puppy!

Post Reply

Return to “Users”