[TriLUG] Green Hills calls Linux 'insecure' for defense
Chris Knowles
chrisk at trilug.org
Mon Apr 12 21:10:48 EDT 2004
On Mon, 2004-04-12 at 20:49, Mike M wrote:
> On Mon, Apr 12, 2004 at 06:54:20PM -0400, Rick DeNatale wrote:
> > This is not at all an argument against open source, just a more
> > sophisticated view of the role of source in security auditing.
>
> Requesting more clarity here please. I can't tell what is open or
> closed in your description: the compiler source, the source the compiler
> is compiling, or both, or neither.
<SNIP>
Both are open.
And he shouldn't have presented it as if this were theoretical wanking.
Ken Thompson actually did this.
http://www.catb.org/~esr/jargon/html/B/back-door.html
And yup, it's fiendish and really scary. But I'm not convinced that OSS
is more vulnerable to this than say certain proprietary network hardware
OS's. (*cough* CISCO *cough*)
CJK