[ale] China chooses FreeBSD as basis for secure OS

Charles Shapiro hooterpincher at gmail.com
Wed Oct 13 14:30:50 EDT 2010


Wow, that's so khewl!

I was given to understand that Ken Thompson's idea has not been seen
in the wild.  But then again, that doesn't mean it hasn't happened.

-- CHS


On Wed, Oct 13, 2010 at 2:18 PM, Lightner, Jeff <jlightner at water.com> wrote:
> HP once did a sort of strange loop to one of my former employers accidentally.   They put out a HP-UX patch that changed the way the kernel got recompiled after applying kernel patches.   The patch that did the change installed fine but any subsequent kernel patch would bomb due to errors in the earlier patch that did the change.   In HP-UX one typically applies patch bundles with dozens if not hundreds of patches so determining what broke everything was rather difficult.   You'd see the kernel patch blowup and assume that was the problem but then when you'd remove it and install the rest of the bundle it would blow up on the next kernel patch.
>
> What made all this worse, was the person who initially applied the patch bundle rendered the system she was working on unbootable.   Rather than stopping to troubleshoot she then went ahead and applied the same bundle to the next server and was surprised when it broke too.
>
> -----Original Message-----
> From: ale-bounces at ale.org [mailto:ale-bounces at ale.org] On Behalf Of Charles Shapiro
> Sent: Wednesday, October 13, 2010 1:58 PM
> To: rfaulkner at 34thprs.org; Atlanta Linux Enthusiasts - Yes! We run Linux!
> Subject: Re: [ale] China chooses FreeBSD as basis for secure OS
>
> Sure. All you need is source to the compiler they're using, and you
> only need that once.  Ken Thompson described it first.
> ( http://scienceblogs.com/goodmath/2007/04/strange_loops_dennis_ritchie_a.php ).
>
> -- CHS
>
>
> On Wed, Oct 13, 2010 at 1:34 PM, Richard Faulkner <rfaulkner at 34thprs.org> wrote:
>> Okay...this then brings up an interesting proposition.  Is it possible to
>> build a tenable backdoor in a distro that would go unnoticed at source code
>> level?  For security purposes would it be better to develop (as a state)
>> your own updates rather than take distro updates from source?  Could this
>> mark a threat to security as we see it?
>>
>> Please keep in mind that I'm new to Linux and NOT a programmer...more of a
>> designer.
>>
>>
>> -----Original Message-----
>> From: wolf at wolfhalton.info <wolf at wolfhalton.info>
>> Reply-to: Atlanta Linux Enthusiasts - Yes! We run Linux! <ale at ale.org>
>> To: mhw at wittsend.com, Atlanta Linux Enthusiasts - Yes! We run Linux!
>> <ale at ale.org>
>> Subject: Re: [ale] China chooses FreeBSD as basis for secure OS
>> Date: Tue, 12 Oct 2010 21:35:02 -0400
>>
>> It would at least be a little more of a challenge than Window$
>>
>> -----Original Message-----
>> From: Michael H. Warfield <mhw at wittsend.com>
>> Reply-to: mhw at wittsend.com, Atlanta Linux Enthusiasts - Yes! We run Linux!
>> <ale at ale.org>
>> To: Atlanta Linux Enthusiasts - Yes! We run Linux! <ale at ale.org>
>> Cc: mhw at wittsend.com
>> Subject: Re: [ale] China chooses FreeBSD as basis for secure OS
>> Date: Tue, 12 Oct 2010 17:26:40 -0400
>>
>> On Tue, 2010-10-12 at 15:58 -0400, Chuck Payne wrote:
>>> On Tue, Oct 12, 2010 at 3:13 PM, George Allen <glallen01 at gmail.com> wrote:
>>> > Apparently China is moving their entire Dept of Defense to a hardened
>>> > version of FreeBSD.
>>> > http://blogs.techrepublic.com.com/security/?p=1682
>>> > _______________________________________________
>>> > Ale mailing list
>>> > Ale at ale.org
>>> > http://mail.ale.org/mailman/listinfo/ale
>>> > See JOBS, ANNOUNCE and SCHOOLS lists at
>>> > http://mail.ale.org/mailman/listinfo
>>> >
>>
>>> Good Choose.
>>
>> I presume you meant choice and I concur.  Give that some reports are
>> putting the level of Stuxnet infections at over 1 million machines in
>> Iran and more than 6 million machines in China, anything, other that
>> Windows, would be a smooth move.  Nobody really knows who is behind the
>> Stuxnet but I would put it at 99% probability that it's "state
>> sponsored" and the leading contenders are Israel, the US, and Russia.
>> Unfortunately, any of those players are more than capable of building
>> something nasty for FreeBSD or Linux, or even OpenBSD if they really set
>> their minds to it.
>>
>> Regards,
>> Mike
>> _______________________________________________
>> Ale mailing list
>> Ale at ale.org
>> http://mail.ale.org/mailman/listinfo/ale
>> See JOBS, ANNOUNCE and SCHOOLS lists at
>> http://mail.ale.org/mailman/listinfo
>>
>> _______________________________________________
>> Ale mailing list
>> Ale at ale.org
>> http://mail.ale.org/mailman/listinfo/ale
>> See JOBS, ANNOUNCE and SCHOOLS lists at
>> http://mail.ale.org/mailman/listinfo
>>
>>
>> _______________________________________________
>> Ale mailing list
>> Ale at ale.org
>> http://mail.ale.org/mailman/listinfo/ale
>> See JOBS, ANNOUNCE and SCHOOLS lists at
>> http://mail.ale.org/mailman/listinfo
>>
>>
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
>
> Proud partner. Susan G. Komen for the Cure.
>
> Please consider our environment before printing this e-mail or attachments.
> ----------------------------------
> CONFIDENTIALITY NOTICE: This e-mail may contain privileged or confidential information and is for the sole use of the intended recipient(s). If you are not the intended recipient, any disclosure, copying, distribution, or use of the contents of this information is prohibited and may be unlawful. If you have received this electronic transmission in error, please reply immediately to the sender that you have received the message in error, and delete it. Thank you.
> ----------------------------------
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
>



More information about the Ale mailing list