I briefly read something about this. Isn’t it open source now?
Yes. It is and always has been. The problem is this: Who is reviewing thousands of lines in presumably C? Not me. Open source CERTAINLY makes it harder to put in a backdoor… but it’s not impossible.
The Linux kernel had a true zero day embedded DEEP in the source. If I remember correctly, it was something like this pseudocode:
user = 0
user == 0
Instead of being a comparative statement, it essentially set the user to root through this back door. Nobody found this for a LOOOONG time because it was SO easy to miss among 15 million+ SLOC. That’s scary.
Now, in the case of the NSA… well, they know everything you do anyway, so I don’t REALLY see the harm. But, I will say this:
The NSA had an internal presentation entitled “I hunt sysadmins.” Basically, their main target was and always has been sysadmins. Makes sense. You exploit one point and gain access to an entire network. I think that SELinux could have been developed from the start for the purpose of gaining access via a backdoor embedded into VERY trusted software.
Mic drop. I’m out.
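
The `user = 0` versus `user == 0` pattern from the post above, written out in C as an added example that is not part of the original post and is not kernel code. The `struct cred`, `MAGIC_FLAGS`, and the function names are hypothetical stand-ins, and the starting uid of 1000 is a constructed value.

```c
#include <stdio.h>

/* Hypothetical stand-ins for illustration; not kernel code. */
struct cred { unsigned int uid; };
#define MAGIC_FLAGS 0x3u   /* constructed trigger value */

/* Backdoored form: "=" where "==" belongs. The assignment evaluates to 0,
 * so the branch is never taken, but uid is now 0 (root) as a side effect. */
int check_backdoored(struct cred *c, unsigned int flags)
{
    int ret = 0;
    if ((flags == MAGIC_FLAGS) && (c->uid = 0))
        ret = -1;
    return ret;
}

/* Intended form: pure comparison, no side effect on the credentials. */
int check_fixed(const struct cred *c, unsigned int flags)
{
    int ret = 0;
    if ((flags == MAGIC_FLAGS) && (c->uid == 0))
        ret = -1;
    return ret;
}

/* Returns the uid a caller starting as uid 1000 ends up with. */
unsigned int uid_after(int backdoored, unsigned int flags)
{
    struct cred c = { 1000 };
    if (backdoored)
        check_backdoored(&c, flags);
    else
        check_fixed(&c, flags);
    return c.uid;
}

int main(void)
{
    printf("backdoored, magic flags: uid=%u\n", uid_after(1, MAGIC_FLAGS));
    printf("backdoored, other flags: uid=%u\n", uid_after(1, 0));
    printf("fixed,      magic flags: uid=%u\n", uid_after(0, MAGIC_FLAGS));
    return 0;
}
```

GCC and Clang warn on a bare assignment used as a condition (`-Wparentheses`), but the extra parentheses around the assignment suppress that warning, so a review or static-analysis rule that flags any assignment inside a condition is the check that catches this form.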