Mailinglist Archive: opensuse (3100 mails)
| < Previous | Next > |
Re: [SLE] Re: SUSE Firewall primitive shadow of ZoneAlarm in interactive user-control
- From: Anders Johansson <andjoh@xxxxxxxxxx>
- Date: Fri, 24 Mar 2006 22:31:39 +0100
- Message-id: <200603242231.39639.andjoh@xxxxxxxxxx>
On Friday 24 March 2006 21:52, Orn E. Hansen wrote:
> Backdoors have been notorious in Unix systems. I've got one notorious
> one in mind, that was inbedded into the C compiler itself when compiling
> "login.c".
[...]
> Has little to do with the design of the system. It has a lot more to do
> with how the Linux community is, as in open source and regular updates. A
> program pretending to be "bash" shell for example, is not going to live
> long, because its going to be removed and reinstalled pretty regularly.
> And trying to put something inside a ".profile" script or similar, is
> likely to be discovered as most Linux users are enthusiasts that are
> fiddling with these things all the time. As in this community a source
> code is likely to be scrutinized by many, especially on volatile systems.
I believe you were referring to this:
http://www.acm.org/classics/sep95/
and one of Thompson's points was that you can't even trust the source
--
Certified: Yes. Certifiable: of course!
jabber ID: anders@xxxxxxxxxx
> Backdoors have been notorious in Unix systems. I've got one notorious
> one in mind, that was inbedded into the C compiler itself when compiling
> "login.c".
[...]
> Has little to do with the design of the system. It has a lot more to do
> with how the Linux community is, as in open source and regular updates. A
> program pretending to be "bash" shell for example, is not going to live
> long, because its going to be removed and reinstalled pretty regularly.
> And trying to put something inside a ".profile" script or similar, is
> likely to be discovered as most Linux users are enthusiasts that are
> fiddling with these things all the time. As in this community a source
> code is likely to be scrutinized by many, especially on volatile systems.
I believe you were referring to this:
http://www.acm.org/classics/sep95/
and one of Thompson's points was that you can't even trust the source
--
Certified: Yes. Certifiable: of course!
jabber ID: anders@xxxxxxxxxx
| < Previous | Next > |