The NSA backdoor in "Linux"

July 16th, 2014 by Jacob Barkdull

Considering that the Linux kernel (the only component Linus has any kind of control over), the software from the GNU Project, and all of the most popular third-party software available for GNU/Linux is all free and open source, it is ridiculous that people can even believe the notion that Linus Torvalds, solely, could put a backdoor in "Linux."

Free and open source software obviously makes a clandestine backdoor very difficult.

There's also the fact that any kind of backdoor in a kernel wouldn't amount to much when most user-space software that initiates kernel actions wouldn't be affected. It's important to remember that Linux can't do most tasks without user-space software, let alone those necessary for a backdoor. For example, the ext4 filesystem libraries and the GNU C Library, as well as the -- often proprietary binary blob -- networking, SATA and video drivers, are all necessary components for a backdoor and would all have to be affected.

Which, again, would not only be a very difficult task, but also one that Torvalds would play a minuscule role in.

I would be more concerned about another possible, more likely, and more viable backdoor vulnerability. That being user-space software. It would be easier to put a backdoor in something like OpenSSL (when it wasn't well maintained), and it would be far more useful to put a backdoor in something like the various filesystem libraries, the GNU C Library, GCC, GIMP, Firefox, or Webkit, as those are used not only on desktop GNU/Linux, but on Android, OS X, BSD, iOS, and Windows as well.

Let's not forget about SELinux, the Linux kernel module developed and maintained by the NSA that sees very wide use across distributions. Since most people already use SELinux, the NSA wouldn't even have to approach Torvalds to get a backdoor into Linux. However, again, SELinux is free and open source, the NSA couldn't put a backdoor in it without people noticing.

All of this is inconsequential, anyway, as Torvalds clarified in September of last year that he was, in fact, joking.

The NSA never actually approached him. Despite what his father says.

Loading...

On the Blog RSS

May 2nd, 2015

Over the past few days I've been in talks with a nice fellow named Kamil Jablonski, a concept artist, graphic designer, and web developer who recently contributed a Polish locale for HashOver. He shared with me a logo design for HashOver, that after some back and forth became, in my opinion, a very cool design.

September 17th, 2014

It was some time ago when I wrote the original share button for Identi.ca, back then Identi.ca enjoyed quite a lot of traffic and user activity, but more than that it was also developed heavily and was praised by many, including myself, for being technologically impressive whilst allowing easy online conversations and communication.

August 25th, 2014

This may sound like analyzing yesterday's news, but I think it's important, and more than that I need to put this here as a resource to point certain people to.

Subscribe to Newsletter

Want to get the latest news and updates about my software, blog posts and behind the scenes information? Than subscribe to my newsletter to stay up-to-date!