On Sun, 2017-04-16 at 06:53 -0400, ken wrote:
On 04/15/2017 04:46 AM, Pete Biggs wrote:
Not wishing to extend this thread further, but ...
There are conspiracy theories out there that the NSA is involved with bringing systemd to Linux so they can have easy access to *"unknown"* bugs - aka backdoors - to all Linux installations using systemd *[1]*.
They're conspiracy theories, and that's it.
Hmm. That's not quite it. Wikileaks recently posted a trove of docs on CIA exploits. It was big news. I'm surprised you missed that. And, yes, the exploits also include more than a few against linux.
That's not what I said - I said that the security agencies writing backdoors into systemd was a conspiracy theory. I said later that they have exploits as part of their toolkit. I'm surprised you missed that part when you replied to it ...
Years ago it was revealed that one of the linux developers inserted an exploit into the gcc code which, when the login code was compiled, would give him access to any system running it, effectively every linux system. This exploit was in the linux code for a long time and was never discovered. It was revealed only by the developer himself, and only because he was retiring. Point is: Code is often complex, especially that written in C (or C++ and others), so much so that an exploit can be written into it and not discovered for a long time, or ever. This is yet another argument against systemd: it would be much easier to hide an exploit in it than in a handful of bash scripts.
Perhaps bash is exploitable - designed to hide the malicious code put into the init.d scripts by the NSA.
P.