On Tue, 25 Feb 2003 18:54:21 +0000 Paul Cooke <paul.cooke100@blueyonder.co.uk> wrote:
On Tuesday 25 February 2003 00:41, zentara wrote:
Don't sweat yet, it's still very hard to do, and you are more likely to get a worm or trojan from precompiled rpms from unknown sources. I worry a lot about that. I assume the big distributions are pretty honest, but they could easily slip back doors into their rpms if they wanted (or were secretly asked to by governments, in the "interest of national security", of course).
If they do try it, they will probably do a very good job of it, since they aren't hackers; they can afford the best programmers. So things would be well hidden, and you would have to be very smart to detect it. Probably a lot of assembly level stuff, writing invisible files to empty disk space, and reading it off when you go online. Hmm, sounds like Windows XP :-).
Question... how could they do this and still get away with it... they have to provide the source code and it would only take someone to compile the source code and get different code to that supplied in the precompiled binary rpm for the gaff to be blown... If they provided the code with the actual back door in it then someone who was curious could easily stumble on it as well.
Putting backdoors into an entirely binary, closed source, operating system is a whole different kettle of fish...
Well, I said the danger is in the precompiled binaries. Even with the source code, how many people actually check every line of C code? All they have to do to mess up the binary rpm is to alter the source code and recompile the rpm, then put the "untouched good source" into the source rpms. So you go get the source rpm and it looks clean, but you have a tampered binary. How many people are just installing binary rpms without question? Do they get the source rpms and do a check? Probably less than .01 percent.

Another worry which is gaining attention is switching DNS servers to feed you bad code. Say, for instance, some evil person on the network knows you go to "such and such mirror" to get your binary rpms. When you log in they could redirect you to a bogus nameserver, which will send you to a "bogus mirror" of the real site, filled with tampered rpms. Then once they know you've downloaded their worm, they let you connect again to the real site. The original site is totally innocent. How often do you check the md5sums of the files you download from a mirror against the md5sums listed on the original server?

With all the electronic switching going on, some agent in Washington can issue a signal so that when you call a number to your ISP, you are actually being switched to a big phony ISP, which simulates your ISP and can redirect you to bogus DNS servers, and possibly gain peer-2-peer access into your computer. I'm not saying it's happening, but it's a real danger. Furthermore, we are all taught to trust the authorities starting in grade school, so suggestions of the above are usually met with shouts of "the government wouldn't do that!!". Which makes it harder to discuss.

-- 
use Perl; #powerful programmable prestidigitation
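A concrete form of the mirror-versus-original md5sum check discussed in the thread, added here as an example and not code from any poster: it parses md5sum-style manifests, verifies downloaded files against the original server's list, and shows why comparing against the sums file served by the mirror itself proves nothing. Package names and contents are constructed.

```python
from __future__ import annotations
import hashlib
import re

# md5sum output format: 32 hex digits, two spaces (or " *" for binary mode), file name.
_MANIFEST_LINE = re.compile(r"^([0-9a-fA-F]{32}) [ *](.+)$")

def parse_manifest(text: str) -> dict[str, str]:
    """Parse md5sum-style manifest text into {filename: hexdigest}."""
    sums = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = _MANIFEST_LINE.match(line)
        if not m:
            raise ValueError(f"malformed manifest line: {raw!r}")
        sums[m.group(2)] = m.group(1).lower()
    return sums

def verify_downloads(files: dict[str, bytes], trusted: dict[str, str]) -> dict[str, str]:
    """Map each file to "ok", "MISMATCH", or "unlisted" (not vouched for by the manifest)."""
    report = {}
    for name, data in files.items():
        expected = trusted.get(name)
        if expected is None:
            report[name] = "unlisted"
        elif hashlib.md5(data).hexdigest() == expected:
            report[name] = "ok"
        else:
            report[name] = "MISMATCH"
    return report

# Constructed sample data, not from the thread: the original server's manifest lists
# the pristine packages (md5("hello") and md5("abc") stand in for the rpm bodies).
ORIGINAL_MANIFEST = """\
5d41402abc4b2a76b9719d911017c592  foo-1.0.i386.rpm
900150983cd24fb0d6963f7d28e17f72  bar-2.0.i386.rpm
"""
# What a tampered mirror hands out: foo intact, bar altered, baz never published upstream.
MIRROR_FILES = {
    "foo-1.0.i386.rpm": b"hello",
    "bar-2.0.i386.rpm": b"abc\x00backdoor",
    "baz-0.1.i386.rpm": b"unexpected",
}
# The mirror's own sums file agrees with its tampered content, so checking against it proves nothing.
MIRROR_MANIFEST = "\n".join(f"{hashlib.md5(d).hexdigest()}  {n}" for n, d in MIRROR_FILES.items())

def check_against(manifest_text: str) -> dict[str, str]:
    return verify_downloads(MIRROR_FILES, parse_manifest(manifest_text))
```

Only the manifest fetched from the original server (ideally over a channel the mirror cannot influence) flags the altered and unexpected packages; the mirror's own sums file passes everything.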