this post was submitted on 23 Oct 2024
421 points (97.5% liked)

Linux

48413 readers
1268 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 3 points 1 month ago* (last edited 1 month ago) (3 children)

Hm i never coded a line in my life, but i always wondered so honest question to the experts here: is it realistic that someone codes security back doors so hidden in other bad or wrong documented code, that nobody recognizes it in OSS community? I mean code is getting more complicated and specialized, dont you need more and more human resources (more than one person and hopefully not all with a bad intention) to check over that code? If im correct you shouldnt let more code into your software than the community is able to check an validate several times... Doesnt mean it has to be russians that need to be excluded idk

[–] [email protected] 20 points 1 month ago

Yes, not only is it realistic, it has actually happened. It's easier to write code than understand it. Even when reviewing code, you miss more or less obvious issues. Not to mention intentional vulnerabilities that can be sneaked in over multiple commits and time span long enough to make reviewers forget the larger context.

[–] [email protected] 6 points 1 month ago

There will be a million security issues across all OSS. Some of it will be intentional; if so definitely don’t expect it to be a “findable” back door. It will be a set of vulnerabilities across several projects, that when combined allow the perpetrators privilege-escalations or a known path through a security system. Removing “Russians” from contribution doesn’t actually stop that, everyone can use a VPN and work as an American or whatever, but it does send a signal.

[–] [email protected] 1 points 1 month ago (1 children)
[–] [email protected] 3 points 1 month ago

This might not be super useful if you don't write code but I always found the contest submissions fun to read and try to figure out for the https://www.underhanded-c.org/ contest.

They break down and explain the runner up and finalist for each year and how the attack works. It's usually something very subtle that most people wouldn't catch.