SystemD NSA backdoor?

Discussion in 'all things UNIX' started by SuperSapien, Jul 12, 2015.

  1. SuperSapien

    SuperSapien Registered Member

    Joined:
    Apr 9, 2015
    Posts:
    118
    I watched a video on YouTube and somebody mentioned something about a NSA approved applications now I'm no programer but that sounds like government agencies could force a backdoor into different apps, which from what little I know could potentially be exploited by blackhats as well. I'll leave the links bellow. But what's your thoughts?

    https://youtu.be/6TmRHd27_ww?t=388

    https://ma.ttias.be/whats-new-systemd-2015-edition/
     
  2. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,852
    NSA isn't just about spying and sabotage, although I don't blame you for thinking that. They also have a duty to help defend the nations networks by approving apps and providing guidelines. An NSA approved app doesn't mean it has a backdoor in it.
     
  3. SuperSapien

    SuperSapien Registered Member

    Joined:
    Apr 9, 2015
    Posts:
    118
    Honestly I don't believe there the boogeyman nor would I deny they serve a purpose but if you suffer from paranoia like I do, things like this set off an alarm and makes me ask why do certain apps need approval by government agencies? I know that things becoming a lot more extreme regarding cyber crime but I'm having difficulty understanding why this part of systemd. Is because the nature of GNU Linux being a hacker/tinkerer friendly environment and thus making it a little bit like the wild west of operating sytems?

    I know most hacker prefer GNU Linux or BSD because the freedom it offers but that also includes blackhats and they of course develop & publish there own malicious tools through the underground/darkweb. That's my best guess why this is part of systemd.
     
  4. amarildojr

    amarildojr Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    1,966
    Location:
    Brasil
    systemd isn't that bad, it's actually pretty good at what it does. And it's GPL, so any programmer can look at the code.

    Using systemd on Linux is a good choice because otherwise you might have to consider the BSD's, which as you know have proprietary code running (firmware in the Kernel). The vanilla Linux Kernel also has closed-source firmware in the kernel (which makes me ask why hasn't Linus been sued so far), but there are free Distros that remove these firmware blobs, such as ***pure*** Debian (using the "Main" repository), and the ones listed here: https://www.gnu.org/distros/free-distros.html
     
  5. Snoop3

    Snoop3 Registered Member

    Joined:
    Jan 2, 2011
    Posts:
    474
    to me its like these websites that display a "Google Trusted" icon.
     
  6. AutoCascade

    AutoCascade Registered Member

    Joined:
    Feb 16, 2014
    Posts:
    624
    Location:
    United States
    The NSA developed SELinux though from my understanding it's been open source for years now.
     
  7. amarildojr

    amarildojr Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    1,966
    Location:
    Brasil
    That's correct, but SELinux is so complex I wouldn't doubt that it's quite easy to hide a backdoor there.
     
  8. AutoCascade

    AutoCascade Registered Member

    Joined:
    Feb 16, 2014
    Posts:
    624
    Location:
    United States
    Fortunately the NSA is not on my list of possible paranoia.
     
  9. amarildojr

    amarildojr Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    1,966
    Location:
    Brasil
    Weird. Than what is?

    ~ Removed Off Topic Remarks ~
     
  10. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,695
    If you suffer from paranoia, then there's no reason to go into a technical discussion.
    As for something being approved, that does not translated into anything
    Could NSA do XYZ? Yes they could. But so could a big meteor strike Earth.
    It falls within the same realm of 'could'.
    Mrk
     
  11. AutoCascade

    AutoCascade Registered Member

    Joined:
    Feb 16, 2014
    Posts:
    624
    Location:
    United States
    What is weird about my post? There is absolutely nothing that would make me of interest to them or any other law enforcement agency - foreign or domestic.

    I have some level of paranoia about malware. The biggest reason I use Fedora is the built in security features.

    Fedora Security Features Matrix https://fedoraproject.org/wiki/Security_Features_Matrix
     
    Last edited by a moderator: Jul 18, 2015
  12. UnknownK

    UnknownK Registered Member

    Joined:
    Nov 3, 2012
    Posts:
    160
    Location:
    Unknown
    Very bad comparison. NSA and other such governmental agencies of many countries can/could and do/did many things. It's enitrely possible for them to put backdoor in a complex piece of software, maybe in the form of intentional bugs which they can exploit later. They certainly have the reason to do such things. The big meteor has no such reason for wholesale killing of helpless people.
     
  13. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,695
    You have watched too much TV. For them to put ... where? How exactly? It's not magic. It's just code.
    Have you read Snowden thingies. Literally all of the 'hacking' was putting boxes into data centers.
    There was no code or such. Just adding your appliance into a rack and harvesting traffic.

    Mrk
     
  14. amarildojr

    amarildojr Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    1,966
    Location:
    Brasil
    Of course it isn't magic, we're dealing with HUMANS. Just to read and analize True Crypt's source code took what, more than 70.000 dollars and a handful of experts? Imagine what would take to read just Linux's (the Kernel) source code, which has almost 20 million lines of code. Making it more difficult: reading SELinux's code, which many developers/readers said it's waay to complex and could potentially hide unknown vulnerabilities.

    There's no way we can or will read the entire source code of every piece of software we use, we simply trust others. Heck, even OpenSSL, which was supposed to have thousands of people reading the code, had a major vulnerability that aparently no one could see.

    It is possible for the NSA to put a backdoor even on GPL software. There's no reason to discard such scenario. Lack of evidence doesn't mean lack of existance.
     
  15. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,695
    I am not discarding it. It is possible. So it is for a meteor to destroy our planet.
    Mrk
     
  16. SuperSapien

    SuperSapien Registered Member

    Joined:
    Apr 9, 2015
    Posts:
    118
    Exactly which is part of what bothers me because we have a lack of accountability and oversight for authorities just look at the police and how they abuse there power because of this. And its not like the police are bad its just part of are missed up society and if you suffer from mental health issues like I do then your more likely to be hassled by authorities, just look at all the violence most of it is done by mentally ill people and naturally the authorities are going to be on alert for those type of people just like with blackhats and the fact that a lot of use Linux. Also lets not forget about journalist, activist & watchdogs and how they've been targeted over the years by authorities. The problem isn't authorities but are societies corruption that needs to be changed.;)
     
    Last edited: Jul 22, 2015
Loading...