Skip Navigation

Privacy @lemmy.ml

awiteb @lemmy.4rs.nl

6mo ago

2013

NSA Asked Linus Torvalds To Install Backdoors Into GNU/Linux

falkvinge.net /2013/11/17/nsa-asked-linus-torvalds-to-install-backdoors-into-gnulinux/

repost from: https://falkvinge.net/2013/11/17/nsa-asked-linus-torvalds-to-install-backdoors-into-gnulinux

61 comments

The story does not tell us how Linus Torvalds responded to the NSA, but I’m guessing he told them he wouldn’t be able to inject backdoors even if he wanted to, since the source code is open, and all changes to it are reviewed by many independent people.
Yeah I'm guessing the answer would be more colorful based on the historical data we have
- based on the historical data
  https://github.com/corollari/linusrants
  
  There aren't enough swear-words in the English language, so now I'll have to call you perkeleen vittupää just to express my disgust and frustration with this crap.
  Beautiful
  
  https://github.com/corollari/linusrants
  This is beautiful. Thank you! lol
- Also experience shows that it's possible to backdoor software in very subtle ways that could go years without anyone spotting them. So if he had decided to he probably could have done it, despite Linux being open source.
- I would pay money to see daddy Linus flip off some big shot intelligence official
- Oh man would die to see his reply. It would probably start with something like
  "The fact that I have to explain this to a person who works in a national security agency makes me really worried..."

Ohh so it's the NSA that my failed sudos are reported to!
- Recent versions of sudo changed that message and now I'm sad 😢
  
  Damn, I'm going to miss those messages one day on my Debian stable server.
- Switch to doas so feds don't get any more reports!
  
  nah, we have run0 at home

I somehow misread that as NBA, and was very confused what basketball had to do with OS backdoors
NSA makes
WAY more sense
- Michel jordan want to look at your browser history :D
  
  Nope this has Kareem written all over it
  
  No, that's Mark McGwire.
- I read it NASA at first
- A OS backdoor is very simular to a backdoor cut, which allows a player to sneak behind defenders when they are focused on the ball or player with a ball.
  NBA coaches have taken inspiration from many different places to perfect their plays. Computer security is just another step.
- they wanted to cut to the basket behind the defense

Years ago there was a commit to the Linux kernal that strangly had no author. This got some attention of several of the developers.
Looking into the code that had to deal with network transmission. there was a section that if you tried to get network access in a unusual way had a check that was written something like this.
If (usr_permission = ROOT) ... Instead of If (usr_permission == ROOT) ...
The first giving the user root if invoked and the second checking to see if the user was root.
It's widely thought this was the NSA or some other intelligence agency trying to backdoor lin Linux.
- The other side of that coin is the NSA developing SELinux
  
  This is because NSA has two roles: eavesdropping on foreign adversaries, and protecting our internal systems from adversaries. Under the first role, they might introduce an exploit known only to themselves. Under the second, they help protect US systems from exploits known to others.
- Or it could of been any person or country. It was a nothing burger and is still a nothing burger
  
  It was clearly an attack. By who is unknown.
  Notably this was in 2003 before git (2005) so linux source was in a central bitkeeper repo. So a commit with no associated data about who did it should not have been possible.
  Here is a more detailed article. https://lwn.net/Articles/57135/
  
  speaking in burger terms as any good american
- fork the kernel and yeet it?
  
  It was caught and never made it in the kernel.

This incident will be reported

he wouldn’t be able to inject backdoors even if he wanted to, since the source code is open
Jia Tan has entered the chat
- The project contains binary blobs anyway so theoretically it wouldn't be super hard

But nobody's going to give them any sentence for that unfortunately.
- I wouldn't be surprised if I knew that the backdoors that appear in Windows were designed by someone. I didn't know they were this brazen.
  
  chips too
  
  I didn't know they were this brazen.
  Oh boy i remember when i was this innocent
- For what? Destabilizing the whole technological ecosystem of the planet is not a crime. ¯(ツ)/¯

As long as the backdoor is licenced GPL what's the problem?

good thing he's not an American citizen
- Except he is. He lives in portland now afaik
  
  it's over

Here's where Linus did/said the thing. (He is the second person from the right.)
https://www.youtube.com/watch?v=7gRsgkdfYJ8

When was the last analysis of the linux kernel source code ?

If you want t see Mr. Torvalds questioning this in the video in the link, go straight to minute 43.
- What Mr torvalds is that?
  
  Dad.

Circa 1975, IBM proposed the cipher now called DES, the Data Encryption Standard. It became a worldwide standard for secret key encryption. As IBM originally designed it, DES had a 64-bit key. The National Security Agency (NSA) required that the key be reduced from 64 bits to 56 bits, with the other 8 bits used as a checksum. This made no sense. If a checksum were really needed, then the key could be increased from 64 to 72 bits. It was widely believed that the real reason the NSA made this demand was that it knew how to crack messages using a 56-bit key, but not messages using a 64-bit key. This proved to be true.
Secret Key Cryptography by Frank Rubin

Lol good year for the NSA

- Who pissed on your chips, Mr. Grumpy?
- You really took the time to comment and complain that you’ve already seen this? You’re… upset that your time was wasted?
  Buddy. Cmon.

61 comments