On Apr 16, 2017, at 6:53 AM, ken <geb...@mousecar.com> wrote: > Years ago it was revealed that one of the linux developers inserted an > exploit into the gcc code which, when the login code was compiled, would give > him access to any system running it, effectively every linux system. This > exploit was in the linux code for a long time and was never discovered. It > was revealed only by the developer himself, and only because he was retiring. > Point is: Code is often complex, especially that written in C (or C++ and > others), so much so that an exploit can be written into it and not discovered > for a long time, or ever. This is yet another argument against systemd: it > would be much easier to hide an exploit in it than in a handful of bash > scripts.
When you say “one of the linux developers”, you mean Ken Thompson? http://wiki.c2.com/?TheKenThompsonHack <http://wiki.c2.com/?TheKenThompsonHack> This story predates Linux, and describes a problem with any potential software. You realize ‘bash’ could be just as malicious as systemd in this scenario? Are you meticulously going through *it’s* source code in your version of the world? Note: bash is not written in bash. -- Jonathan Billings <billi...@negate.org> _______________________________________________ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos