
BLU Discuss list archive



[Discuss] our friend the nsa



john saylor wrote:
> think about open source for a moment. also, i do not think linus [or
> linux] can be subject to an NSA security letter as he is not a US citizen.

He resides on US soil. This makes him subject to US laws.

> but it would be easy to fork any open source project and make the
> modifications you would like on it.

Why fork? There's already a pile of NSA-written or NSA-sponsored code in 
the mainline Linux kernel and common libraries. Examples include 
OpenSSL and SELinux.

Just because the source code is available does not mean that those who 
look at the code can recognize weaknesses and back doors. And even if 
they could, it's no guarantee that the code they see won't acquire 
weaknesses when compiled. There's a class of kernel vulnerabilities that 
on paper cannot be exploited but become exploitable due to GCC 
optimizations at compile time (like the cheddar /dev/net/tun exploit).

-- 
Rich P.
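
The class of bug mentioned in the last paragraph of the message above, as an added example that is not part of the original post or of any kernel source: a pointer is dereferenced before its NULL check, so an optimizing compiler may assume it is non-NULL and delete the check. All type, constant and function names are hypothetical; GCC's `-fno-delete-null-pointer-checks` option disables this optimization.

```c
#include <stddef.h>

/* Hypothetical types and constants, for illustration only. */
#define POLL_ERR 0x8u
#define POLL_IN  0x1u

struct sock_stub { unsigned int ready; };
struct dev { struct sock_stub *sk; };

/* Constructed sample objects so the functions can be exercised. */
static struct sock_stub sample_sk = { 1 };
static struct dev sample_dev = { &sample_sk };
static struct dev empty_dev = { NULL };

/* Risky form: d->sk is read before d is checked. Dereferencing NULL is
 * undefined behaviour, so the compiler may conclude d != NULL and drop
 * the check that follows. Never call this with NULL. */
unsigned int poll_deref_first(struct dev *d)
{
    struct sock_stub *sk = d->sk;   /* dereference happens here */
    if (!d)                         /* may be removed as dead code */
        return POLL_ERR;
    return sk->ready ? POLL_IN : 0;
}

/* Hardened form: validate every pointer, then dereference. The check
 * now precedes any access, so it cannot be optimized away. */
unsigned int poll_check_first(struct dev *d)
{
    if (!d || !d->sk)
        return POLL_ERR;
    return d->sk->ready ? POLL_IN : 0;
}

int main(void)
{
    /* Exit status 0 when the hardened form behaves as intended. */
    return poll_check_first(&sample_dev) == POLL_IN &&
           poll_check_first(&empty_dev) == POLL_ERR &&
           poll_check_first(NULL) == POLL_ERR ? 0 : 1;
}
```

Reading the source alone, both functions appear to reject a NULL device; only the second keeps that guarantee at every optimization level.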



BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.
