Pranav wrote: Shows how the only way to be secure for defense / government agencies is to use Linux. All updates should be manually examined in detail and compiled inside India by the GoI cyber-security team (which hopefully exists).
Most Linux distros allow binary-only device drivers in the system. Lord only knows what people have put in there. And then there was an attempt to introduce a hole into the wait4() system call in the kernel code a few years ago. Luckily it was caught before too much damage was done, but who knows what else is lurking like this. Link to the hack attempt in case you guys are interested in the actual code inserted. Note that this person who inserted the code did it very cleverly, so that if the caller passes two special option values which are NOT documented as options to be used in the wait4() manual page, the call immediately returns an error code (EINVAL), but also upgrades the caller to root privileges. And the attacker put extra parens around the expression, so that the shady expression (using = instead of == in the if statement) would not cause the C compiler to issue a warning about the expression.
Also, how do you trust the C compiler that you're using to build your OS? Maybe the backdoor is in there. You might wish to read Ken Thompson's speech called "Reflections on Trusting Trust", where he described a backdoor he'd put into UNIX a long time ago, which went undetected for years (Ken Thompson was one of UNIX's creators). What he'd done was modify the login program to allow anyone who knew a special password to log into the system, regardless of whether they had an account on the system or not. So you figure that you can recompile the login program from the C source code and it should be fixed, right? Well, he put a few lines of code into the C compiler so that it would recognize that it was compiling the login program and reinsert the backdoor into it. So now you figure you have to recompile the C compiler from sources. Well, he put some additional code into the C compiler so that it would recognize that it was compiling itself and reinsert the login backdoor code as well as the code to recognize it was compiling a C compiler back into it. Once he'd crocked the compiler's binary code, he removed the malicious source code from the C compiler and login program and recompiled everything so that the only traces of his hack were in the C compiler binary executable and the source code had no traces of his backdoor.
If you want an OS distro that doesn't allow binary-only drivers into the kernel, look no further than http://www.openbsd.org/
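The post's point about the extra parentheses is worth seeing as a review check. The code below is an added example, not part of the post and not the kernel code it links to: a small line-based heuristic in Python that scans C source for an `if`/`while` condition containing a plain `=` wrapped in its own parentheses and used directly as a truth value. That is exactly the case where the compiler's assignment-in-condition warning stays quiet, while the idiomatic `(p = f()) != NULL` form is left alone. The sample source is constructed for the demonstration; the third line mirrors the shape the post describes (two option flags compared, then a parenthesised assignment of a uid), with made-up names.

```python
import re

# Constructed sample C source, not taken from any real code base.  The third
# line imitates the pattern described in the post: the `(cred->uid = 0)`
# operand is an assignment whose value is 0, so the branch is never taken,
# yet the uid has been written.  Made-up identifiers throughout.
SAMPLE_SOURCE = """\
if (options == (FLAG_A | FLAG_B))
    return -EINVAL;
if ((options == (FLAG_A | FLAG_B)) && (cred->uid = 0))
    retval = -EINVAL;
if ((p = lookup(name)) != NULL)
    use(p);
while ((c = getchar()) != EOF)
    count++;
if (a <= b || c >= d || e != f)
    g = 1;
"""

# A '=' that is not the first or second character of ==, !=, <=, >=.
PLAIN_ASSIGN = re.compile(r'(?<![=!<>])=(?!=)')
# A comparison operator immediately following a parenthesised group means the
# assignment's value is being compared, i.e. the accepted C idiom.
COMPARE_AFTER = re.compile(r'\s*(==|!=|<=|>=|<|>)')
HEADER = re.compile(r'\s*(?:else\s+)?(?:if|while)\s*\(')


def condition_of(line):
    """Return the text inside the outermost parentheses of an if/while header
    on this line, or None if the line is not such a header (or the condition
    continues on a later line)."""
    m = HEADER.match(line)
    if not m:
        return None
    start = m.end() - 1          # index of the opening '('
    depth = 0
    for i in range(start, len(line)):
        if line[i] == '(':
            depth += 1
        elif line[i] == ')':
            depth -= 1
            if depth == 0:
                return line[start + 1:i]
    return None


def enclosing_group(text, pos):
    """Innermost (open, close) parenthesis pair enclosing index pos, or None.
    Scanning left to right, the first group that closes after pos and opened
    before it is the innermost one."""
    stack = []
    for i, ch in enumerate(text):
        if ch == '(':
            stack.append(i)
        elif ch == ')':
            open_i = stack.pop()
            if open_i < pos < i:
                return open_i, i
    return None


def find_suspicious(source):
    """Return (line_number, reason) for each condition containing a plain
    assignment.  Unparenthesised assignments are reported too, but the
    compiler already warns about those; the parenthesised-and-not-compared
    case is the one that slips through silently."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        cond = condition_of(line)
        if cond is None:
            continue
        for m in PLAIN_ASSIGN.finditer(cond):
            group = enclosing_group(cond, m.start())
            if group is None:
                findings.append((lineno, 'assignment in condition (compiler warns)'))
                continue
            if COMPARE_AFTER.match(cond[group[1] + 1:]):
                continue     # (x = f()) != NULL style: value is compared
            findings.append((lineno, 'parenthesised assignment used as truth value'))
    return findings


if __name__ == '__main__':
    for lineno, reason in find_suspicious(SAMPLE_SOURCE):
        print(f'line {lineno}: {reason}')
```

Run against the sample, only line 3 is reported; the `(p = lookup(name)) != NULL` and `getchar()` loops pass because the assignment's result is compared. This is a heuristic over single lines, not a C parser: multi-line conditions, macros and comments will fool it, so it belongs beside, not instead of, compiling with warnings enabled (GCC and Clang's `-Wparentheses` is the warning the extra parentheses were there to silence) and human review of anything touching credentials.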