From owner-freebsd-hackers  Wed May 15 21:57:39 2002
Delivered-To: freebsd-hackers@freebsd.org
Received: from gull.prod.itd.earthlink.net (gull.mail.pas.earthlink.net [207.217.120.84])
	by hub.freebsd.org (Postfix) with ESMTP id 4C14E37B409
	for <freebsd-hackers@freebsd.org>; Wed, 15 May 2002 21:57:36 -0700 (PDT)
Received: from pool0568.cvx40-bradley.dialup.earthlink.net ([216.244.44.58] helo=mindspring.com)
	by gull.prod.itd.earthlink.net with esmtp (Exim 3.33 #2)
	id 178DKX-0006kV-00; Wed, 15 May 2002 21:57:34 -0700
Message-ID: <3CE33C1F.A547AE4D@mindspring.com>
Date: Wed, 15 May 2002 21:57:03 -0700
From: Terry Lambert <tlambert2@mindspring.com>
X-Mailer: Mozilla 4.7 [en]C-CCK-MCD {Sony}  (Win98; U)
X-Accept-Language: en
MIME-Version: 1.0
To: Matthew Emmerton <matt@gsicomp.on.ca>
Cc: freebsd-hackers@freebsd.org
Subject: Re: national security backdoor in FreeBSD.
References: <3CE295EC.6030603@cogeco.ca> <009c01c1fc95$74fd0470$1200a8c0@gsicomp.on.ca>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-hackers.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-hackers>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-hackers>
X-Loop: FreeBSD.ORG

Matthew Emmerton wrote:
> > There is a backdoor in all versions of FreeBSD that are not compiled
> > from source code within portmapper and telnetd.
> 
> Hmm.  Let's check out this logic.  The binaries that ship on the FreeBSD
> distros are compiled from source.  When I upgrade my system, I compile from
> source.  And the backdoor only exists in binaries that are not compiled from
> source.  So where do these binaries-with-no-source come from?  Oh, I know!
> Carnivore detects FreeBSD ISO downloads, and tells the Magic Lantern
> software on my ISP's servers to change the binaries inside the ISO images
> that I FTP.  Makes perfect sense!

Bell Systems Technical Journal, July-August 1978, "On the Security
of UNIX.", D. M. Ritchie.

They hacked the compiler to hack the passwd program when it was
being compiled, and also to hack the compiler to include hacks
to the compiler and the passwd program when the compiler itself
was being compiled.

-- Terry

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message