[linux-elitists] Dateline April 12, 2001 Microsoft: Closed source is more secure

Aaron Sherman ajs@ajs.com
Wed Aug 15 09:13:57 PDT 2001


On Wed, Aug 15, 2001 at 09:04:26AM -0700, Aaron T Porter wrote:
> On Wed, Aug 15, 2001 at 08:02:29PM +1000, Jeff Waugh wrote:
> > <quote who="Aaron Lehmann">
> > 
> > > BTW, does anybody know if this has *ever* happened? Some histroical
> > > precedent would be interesting. In theory, such a backdoor wouldn't
> > > last long, and its existance time should be inversely proportional to
> > > the popularity of the project (Mozilla DOES NOT COUNT).
> > 
> > Thanks to Telsa, who pointed this one out to me:
> > 
> >   http://linuxtoday.com/news_story.php3?ltsn=2001-08-07-011-20-SC
> 
> 	The example I was thinking of was the Trojaned tcp_wrappers
> incident.
> 	http://www.cert.org/advisories/CA-1999-01.html

Yeah, basically, there's no known version of any program that has made
it into a Linux or *BSD distribution with a back-door in the last 15
years. I think the last occurance of that was the c-compiler/login
back-door that dmr did back in the mists of time. Of course, proving
that that kind of back door doesn't exist in Linux, *BSD or Windows
would be very hard, since source code reviews WILL NOT catch it....

If you get CVS updates and run them on production hardware you get
what you might expect (99.999% of the time, just bugs), but people
who sell Linux distributions take this sort of thing VERY seriously.

-- 
Aaron Sherman
ajs@ajs.com		finger ajskey@b5.ajs.com for GPG info. Fingerprint:
www.ajs.com/~ajs	6DC1 F67A B9FB 2FBA D04C  619E FC35 5713 2676 CEAF
  "I've committed many sins. Have I dispelased you, you feckless thug?"
   -President Bartlet, ``The West Wing''



More information about the linux-elitists mailing list