Backdoors in Linux?

[Mike3]

So, I read some articles regarding backdoors into Linux.

Here it states that there was a security issue in kernels: 5.10-rc4, 5.4.66, and 5.9.8:

https://www.zdnet.com/article/linux-ker ... ck-memory/

So were earlier and later kernels affected or are the in the clear?

And then I read that NSA put things into the openSSL

https://forums.linuxmint.com/viewtopic.php?t=214987

And it states kernels 3.8 and higher are affected, but then someone wrote that it has been fixed. So If I use a kernel between 3.10 and 5.xx should I be fine? Or do I have to fix it?

https://www.cyberciti.biz/faq/linux-cve ... aNycGzNBlE

Apparently also a company connected to Huawei put in some buggy code that could be used to spy I read also.

But isn't it very hard to put things into Linux that are backdoors and spyware since it is open source and hence the code can be seen by anyone.

https://www.quora.com/Does-the-NSA-have ... r-to-Linux

And some people at a university at a Spanish university said grub2 could be compromised by hitting enter like 24 times I read.

And some dude write: "I attended a presentation a few years ago, where the presenter claimed that a significant number of patches to OpenSSL/SSH originated at the NSA. OpenSSL/SSH is the package providing security for most Linux machines."

What?

[GMBudwrench]

https://www.theverge.com/2021/4/22/2239 ... n-research

Someone posted about this ^^^^^ earlier this year. The particular kernel was pulled off and replaced by a different version, by Oz, if I'm not mistaken.

[Mike3]

But now it seems NSA has it code in all Linux kernels. This would be through the SELinux thing, which they originated and according to wikipedia:

The NSA, the original primary developer of SELinux, released the first version to the open source development community under the GNU GPL on December 22, 2000.[6] The software was merged into the mainline Linux kernel 2.6.0-test3, released on 8 August 2003

And then it seems the NSA helped write code for the Android OS:

https://qz.com/102346/no-wonder-china-i ... urce-code/

I mean it is possible that NSA actually did something good that is not spyware but wouldn't it be better if someone rewrote that part of the kernel I mean there must be people around with knowledge on how to make kernels secure and all that.

And if someone did that, could we have an app or script or thing to exchange the NSA code in existing kernels or something?

Also I read that it loggs info, does that mean it stores stuff?

Considering that SELinux is a kernel module, it can log everything — all allowed and denied requests. Detailed logging is also required to troubleshoot issues. It is important to define logging requirements and tune the system to reduce performance impact.
[/quite]

From here:

https://capsule8.com/blog/selinux-a-boon-or-bane/

[backi]

I anyway always thought even Linus Thorwald is most probably Member of the "Club".
Controlled Opposition .......The famous good Cop ( Linus Thorwald )....bad Cop (Bill Gates) Game.
There is no such Thing as "Privacy".......mere Illusion.

[Feek]

Positive on it is that they are only articles.
I didn't find a mention that a specific user(s) would get into trouble.

[Phoenix]

The post about Linus being approached by the NSA isn't true. It's a misunderstanding at a conference where when asked, Linux said no, while nodding yes.
Additionally, NSA has to open-source to make any commits to the linux kernel, or to even have it be used the the majority of the community. Be rest assured that the code contributed has been scrutinized and looked at, many times over.