Message-ID: <446C59B8.1060402@aitel.hist.no>
Date: Thu, 18 May 2006 13:25:44 +0200
From: Helge Hafting <helge.hafting@aitel.hist.no>
User-Agent: Debian Thunderbird 1.0.7 (X11/20051017)
MIME-Version: 1.0
To: Chase Venters <chase.venters@clientec.com>
CC: =?UTF-8?B?TcOlbnMgUnVsbGfDpXJk?= <mru@inprovide.com>,
       linux-kernel@vger.kernel.org
Subject: Re: Wiretapping Linux?
References: <4469D296.8060908@perkel.com> <Pine.LNX.4.61.0605161100590.27707@chaos.analogic.com> <Pine.LNX.4.64.0605161052120.32181@turbotaz.ourhouse> <yw1xodxx1znc.fsf@agrajag.inprovide.com> <Pine.LNX.4.64.0605161541390.32181@turbotaz.ourhouse>
In-Reply-To: <Pine.LNX.4.64.0605161541390.32181@turbotaz.ourhouse>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 1164
Lines: 30

Chase Venters wrote:

>
> Yeah, so to wrap this malware conversation up -- the most effective 
> way to implant malicious code in Linux is to crack into developer 
> machines and sneak the changes in.
>
> And hope that someone doesn't notice.

The maintainer will.  Over and over, we see maintainers tell developers
to fix their patch - often the problem is something as small as
"bad withespace" or "stupid name for a variable".

Now try to get a backdoor in, and see the maintainer get a fit over
the changes that are clearly unrelated to the problem mentioned
in the changelog.

And if you succeed with the spyware anyway, then someone will notice
the strange packets going out.  That you cannot prevent, and it will then
be tracked down.  Or you get a backdoor in?  It will be found as soon as
it sees some use, or likely earlier with all the more or less automated
vulnerability chacking going on.

Helge Haftinjg

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/