Re: OT: systemd Poll - So Long, and Thanks for All the fish.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On 04/15/2017 04:46 AM, Pete Biggs wrote:
Not wishing to extend this thread further, but ...

There are conspiracy theories out there that the NSA is involved with
bringing systemd to Linux so they can have easy access to *"unknown"*
bugs - aka backdoors - to all Linux installations using systemd *[1]*.
They're conspiracy theories, and that's it.

Hmm. That's not quite it. Wikileaks recently posted a trove of docs on CIA exploits. It was big news. I'm surprised you missed that. And, yes, the exploits also include more than a few against linux. Go to their site and look under vault7. Or search for "linux" or "redhat"... you'll get hundreds of hits. Here's just one: https://wikileaks.org/spyfiles4/documents/FinSpy-3.10-User-Manual.docx (If you have only a few seconds to look at it, see page 34.)


The bottom line is that in
general people don't like not understanding things and when they come
across something they don't understand they create a mythology around
those things to rationalise their non-understanding.

True, but that "mansplanation" can point in a lot of ways, including at Pollyanna.


....
Systemd is complex; it's implementation was badly handled on a social
level. Nevertheless it is open source. It is highly unlikely that the
NSA, or any other agency, would risk putting in backdoors to code that
could be audited by Joe "random hacker" Blogs, let alone that might be
discovered by hostile agencies.

Years ago it was revealed that one of the linux developers inserted an exploit into the gcc code which, when the login code was compiled, would give him access to any system running it, effectively every linux system. This exploit was in the linux code for a long time and was never discovered. It was revealed only by the developer himself, and only because he was retiring. Point is: Code is often complex, especially that written in C (or C++ and others), so much so that an exploit can be written into it and not discovered for a long time, or ever. This is yet another argument against systemd: it would be much easier to hide an exploit in it than in a handful of bash scripts.

There is no doubt that most security agencies have a long list of zero-
day exploits in their toolbox - I would hazard to suggest that they
wouldn't be doing their job if they didn't! But I seriously doubt they
would commission exploitable code in something that is openly
auditable.

P.

P., I used to think that too... indeed, I was thoroughly convinced of it. But reality changed my mind.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos



[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux