The NSA backdoor in "Linux"

July 16th, 2014 by Jacob Barkdull

Considering that the Linux kernel (the only component Linus has any kind of control over), the software from the GNU Project, and all of the most popular third-party software available for GNU/Linux is all free and open source, it is ridiculous that people can even believe the notion that Linus Torvalds, solely, could put a backdoor in "Linux."

Free and open source software obviously makes a clandestine backdoor very difficult.

There's also the fact that any kind of backdoor in a kernel wouldn't amount to much when most user-space software that initiates kernel actions wouldn't be affected. It's important to remember that Linux can't do most tasks without user-space software, let alone those necessary for a backdoor. For example, the ext4 filesystem libraries and the GNU C Library, as well as the -- often proprietary binary blob -- networking, SATA and video drivers, are all necessary components for a backdoor and would all have to be affected.

Which, again, would not only be a very difficult task, but also one that Torvalds would play a minuscule role in.

I would be more concerned about another possible, more likely, and more viable backdoor vulnerability. That being user-space software. It would be easier to put a backdoor in something like OpenSSL (when it wasn't well maintained), and it would be far more useful to put a backdoor in something like the various filesystem libraries, the GNU C Library, GCC, GIMP, Firefox, or Webkit, as those are used not only on desktop GNU/Linux, but on Android, OS X, BSD, iOS, and Windows as well.

Let's not forget about SELinux, the Linux kernel module developed and maintained by the NSA that sees very wide use across distributions. Since most people already use SELinux, the NSA wouldn't even have to approach Torvalds to get a backdoor into Linux. However, again, SELinux is free and open source, the NSA couldn't put a backdoor in it without people noticing.

All of this is inconsequential, anyway, as Torvalds clarified in September of last year that he was, in fact, joking.

The NSA never actually approached him. Despite what his father says.


On the Blog RSS

May 9th, 2021

GNOME 40 is finally out and I'm happy to say a small contribution of mine made it into the release. My contribution adds a new feature to GNOME System Monitor version 40. Few articles about GNOME 40 mention it, but some power users might find my contribution useful.

November 15th, 2019
If you leave this option checked when you export your image, any pixels you erased will be saved in the exported image. They will not be truly erased, just made fully transparent. In other words, the data that describes the color of each pixel will be preserved, they will just be made invisible. This option has privacy implications. With it enabled, what you erase from an image may still be present in transparent pixels.
May 2nd, 2015

Over the past few days I've been in talks with a nice fellow named Kamil Jablonski, a concept artist, graphic designer, and web developer who recently contributed a Polish locale for HashOver. He shared with me a logo design for HashOver, that after some back and forth became, in my opinion, a very cool design.

Subscribe to Newsletter

Want to get the latest news and updates about my software, blog posts and behind the scenes information? Than subscribe to my newsletter to stay up-to-date!