Date: Thu, 16 May 2002 07:24:44 +0200
From: Poul-Henning Kamp <phk@critter.freebsd.dk>
To: Terry Lambert <tlambert2@mindspring.com>
Cc: Matthew Emmerton <matt@gsicomp.on.ca>, freebsd-hackers@FreeBSD.ORG
Subject: Re: national security backdoor in FreeBSD.
Message-ID: <30546.1021526684@critter.freebsd.dk>
In-Reply-To: Your message of "Wed, 15 May 2002 21:57:03 PDT." <3CE33C1F.A547AE4D@mindspring.com>

In message <3CE33C1F.A547AE4D@mindspring.com>, Terry Lambert writes:
>Matthew Emmerton wrote:
>> > There is a backdoor in all versions of FreeBSD that are not compiled
>> > from source code within portmapper and telnetd.
>>
>> Hmm. Let's check out this logic. The binaries that ship on the FreeBSD
>> distros are compiled from source. When I upgrade my system, I compile from
>> source. And the backdoor only exists in binaries that are not compiled from
>> source. So where do these binaries-with-no-source come from? Oh, I know!
>> Carnivore detects FreeBSD ISO downloads, and tells the Magic Lantern
>> software on my ISP's servers to change the binaries inside the ISO images
>> that I FTP. Makes perfect sense!
>
>Bell Systems Technical Journal, July-August 1978, "On the Security
>of UNIX.", D. M. Ritchie.
>
>They hacked the compiler to hack the passwd program when it was
>being compiled, and also to hack the compiler to include hacks
>to the compiler and the passwd program when the compiler itself
>was being compiled.

Sigh. Wrong reference.

That was from Brian's ACM Turing award thankyou-presentation.

--
Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG | TCP/IP since RFC 956
FreeBSD committer | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.