this post was submitted on 01 Dec 2024
76 points (95.2% liked)

Showerthoughts

[–] [email protected] 49 points 2 days ago (4 children)

That would be too obvious and thus ineffective. In reality it is more likely that they have inserted bugs into various open source software covertly, like we saw with xz.

[–] Hugin 2 points 1 day ago

There was at least one attempt. Back before git, the Linux kernel was in 1 central repo. There was also a backup repo. It was compromised with a very clever backdoor.

The backdoor was caught but only because it didn't have a reference to the mainline repo.

if ((options == (__WCLONE|__WALL)) && (current->uid = 0)) retval = -EINVAL;

Note the user uid is being set (=) to root instead of being checked (==) for root.

The full story.

https://freedom-to-tinker.com/2013/10/09/the-linux-backdoor-attempt-of-2003/
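The effect of the `=` in the condition quoted above can be seen in a userland mock. This is an added example, not part of the original comment and not kernel code: `struct mock_task`, the `DEMO_*` flag values and both function names are assumptions made for the demonstration.

```c
#include <errno.h>
#include <stdio.h>

/* Stand-ins for the kernel's __WCLONE and __WALL (demo values, assumed). */
#define DEMO_WCLONE 0x80000000u
#define DEMO_WALL   0x40000000u

/* Hypothetical mock holding only the field the check touches. */
struct mock_task { unsigned int uid; };

/* Condition as quoted in the comment: '=' stores 0 into uid. The assignment
 * evaluates to 0 (false), so the branch body never runs and retval stays 0:
 * the caller sees no error, only the side effect on uid remains. */
int check_as_quoted(struct mock_task *current, unsigned int options)
{
    int retval = 0;
    if ((options == (DEMO_WCLONE | DEMO_WALL)) && (current->uid = 0))
        retval = -EINVAL;
    return retval;
}

/* Comparison form: '==' only reads uid and rejects the flag pair for uid 0. */
int check_with_comparison(struct mock_task *current, unsigned int options)
{
    int retval = 0;
    if ((options == (DEMO_WCLONE | DEMO_WALL)) && (current->uid == 0))
        retval = -EINVAL;
    return retval;
}

int main(void)
{
    struct mock_task a = { 1000 }, b = { 1000 };  /* constructed sample callers */
    unsigned int flags = DEMO_WCLONE | DEMO_WALL;

    int ra = check_as_quoted(&a, flags);
    int rb = check_with_comparison(&b, flags);
    printf("as quoted:  retval=%d uid=%u\n", ra, a.uid);
    printf("comparison: retval=%d uid=%u\n", rb, b.uid);
    return 0;
}
```

Because `&&` short-circuits, the assignment only executes when the exact flag pair is passed, which is why a review or test that never uses that combination sees nothing unusual.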

[–] x00z 7 points 2 days ago (1 children)

Looking at leaks of the past, it's probably more likely that they have an arsenal of bug exploits instead of backdoors when it comes to open source stuff.

[–] [email protected] 2 points 2 days ago

Yeah, actually that makes more sense than what I originally said. The US is one of the main buyers of gray-market zero-day bugs, way cheaper and less risk than trying to covertly implement bugs.

[–] habitualTartare 19 points 2 days ago

More likely it's probably a non-free repository that many people choose to use like an Intel driver or something.

[–] [email protected] 3 points 2 days ago

Exactly. You have to put yourself in the perpetrator's mindset.