Find the answer to your Linux question:
Results 1 to 4 of 4
Hi, I'm using GNU/Linux since 2004 because it helped me having a good sleep. Ok. It is much easier to maintain than Windows was (and is still). No virus, all ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Apr 2010
    Posts
    1

    Question The big "open source" question


    Hi,


    I'm using GNU/Linux since 2004 because it helped me having a good sleep. Ok. It is much easier to maintain than Windows was (and is still). No virus, all free, etc.

    But there is something people usually make a big deal about...

    SECURITY (hence, I chose the right place).

    It is believed that Windows and MS products are full of trapdoors, so as NSA can spy us with a lot of ease.

    However, Linux which is developed for free by hackers who give their source codes is supposed to be totally free of trapdoors or other spywares.

    It is said that anyone can check it, since the source code is available.

    But, hey ?! Is there someone here who ever read the full code of his installed distribution ?

    I mean that if we're being very paranoid, then, Goebbels said "The bigger the lie, the more it will be believed."

    Is there somebody actually caring about the true content of all the source code ?

    I guess i'll have to develop my own OS then !

  2. #2
    Linux Engineer GNU-Fan's Avatar
    Join Date
    Mar 2008
    Posts
    935
    Hi,

    Quote Originally Posted by BrandNewColony View Post
    Is there somebody actually caring about the true content of all the source code ?
    No single person can check all the code all the time. But this isn't necessary really.
    First, for bigger projects like the Linux kernel or Debian, you will find tree like hierarchies. It is basically a "tree of trust". You have one or very few people as the root authority. These "roots" accept signed contributions from a couple of dedicated maintainers. These maintainers in turn accept and bundle contributions from other people. The deeper you get, the lesser you have to trust as the code to be checked gets smaller.

    But this is only how a particular development model, namely OpenSource, works. In the free software world, they are others. For example, a given free software project might be developed and maintained by a single entity. Yet I still find myself able to trust them more than proprietary (closed source) developers.
    Why is this? Well, I can trust them because I don't have to. If I become sceptical, I always can check.
    This is in stark contrast to what companies like Apple or MS would ask of me. They are like "Close your eyes and don't you dare to peek!"
    Debian GNU/Linux -- You know you want it.

  3. #3
    Linux Guru Rubberman's Avatar
    Join Date
    Apr 2009
    Location
    I can be found either 40 miles west of Chicago, in Chicago, or in a galaxy far, far away.
    Posts
    11,709
    GNU-Fan's response was spot-on, IMO. As Bruce Schneier is fond of saying (he's one of the stellar public lights in information security), there is no security in obscurity. People are curious, and often need to know how things work "under the covers" in order to accomplish some other goal of theirs. So, they get the system source code and read it, study it, and analyze it. If there was a trapdoor theirin hidden, chances are someone would detect it and broadcast this to the world.

    The fact of the matter is, is that someone can easily (more or less) insert a trapdoor/backdoor into a linux kernel, and if they have root access to your system, then can install it, possibly without your knowledge. That simply means that YOUR system has been compromised, although the Linux OS itself in general would still be secure and my systems would not be affected as would yours have been.
    Sometimes, real fast is almost as good as real time.
    Just remember, Semper Gumbi - always be flexible!

  4. $spacer_open
    $spacer_close
  5. #4
    Linux Newbie
    Join Date
    Oct 2008
    Posts
    153
    I have a great deal of faith that an awful lot of people have shone bright lights into every dark corner of the Linux kernel. No other kernel has been looked at by so many people than ours. They find bugs all the time, how would you hide a rootkit?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •