On Fri, 27 Feb 2004 23:54, Leonard den Ottolander <leonard@xxxxxxxxxxxxxxxxx> wrote: > How well scrutinized is this NSA code actually? Everybody can see they > won't slip in an obvious backdoor, but how about nasty little overflows, > tucked away deep inside the code, for which they already have exploits > in their drawer? If you create an account on a free mail service and send in a patch to Linus that looks good there's a chance that it will get accepted. If the NSA people were going to do something nasty why would they do it in code that's got their name on it when they could send in code from random_user@xxxxxxxxxxx? Also the SE Linux kernel code is written in a clearer style than most kernel code. If you want to audit code for correct operation the SE Linux code will be easier than most. -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page
