[CentOS] OT: systemd Poll - So Long, and Thanks for All the fish.

Jonathan Billings billings at negate.org
Sun Apr 16 12:59:17 UTC 2017


On Apr 16, 2017, at 6:53 AM, ken <gebser at mousecar.com> wrote:
> Years ago it was revealed that one of the linux developers inserted an exploit into the gcc code which, when the login code was compiled, would give him access to any system running it, effectively every linux system.  This exploit was in the linux code for a long time and was never discovered.  It was revealed only by the developer himself, and only because he was retiring.  Point is: Code is often complex, especially that written in C (or C++ and others), so much so that an exploit can be written into it and not discovered for a long time, or ever. This is yet another argument against systemd: it would be much easier to hide an exploit in it than in a handful of bash scripts.


When you say “one of the linux developers”, you mean Ken Thompson?

http://wiki.c2.com/?TheKenThompsonHack

This story predates Linux, and describes a problem with any potential software.  

You realize ‘bash’ could be just as malicious as systemd in this scenario?  Are you meticulously going through *its* source code in your version of the world?  Note:  bash is not written in bash.

--
Jonathan Billings <billings at negate.org>




