• bamboo@lemm.ee
    link
    fedilink
    arrow-up
    49
    ·
    3 days ago

    That would be too obvious and thus ineffective. In reality it is more likely that they have inserted bugs into various open source software covertly, like we saw with xz.

    • Hugin@lemmy.world
      link
      fedilink
      arrow-up
      2
      ·
      2 days ago

      There was at least one attempt. Back before git the linux kernel was in 1 central repo. There was also a backup repo. It was compromised with a very clever backdoor.

      The backdoor was caught but only because it didn’t have a reference to the mainline repo.

      if ((options == (__WCLONE|__WALL)) && (current->uid = 0)) retval = -EINVAL;

      Note the user uid is being set (=) to root instead of being checked(==) for root.

      The full story.

      https://freedom-to-tinker.com/2013/10/09/the-linux-backdoor-attempt-of-2003/

    • x00z@lemmy.world
      link
      fedilink
      English
      arrow-up
      7
      ·
      2 days ago

      Looking at leaks of the past, it’s probably more likely that they have an arsenal of bug exploits instead of backdoors when it comes to opensource stuff.

      • bamboo@lemm.ee
        link
        fedilink
        arrow-up
        2
        ·
        2 days ago

        Yeah actually that makes more sense than what I originally said. The US is one of the main buyers of gray-market zero day bugs, way cheaper and less risk than trying to covertly implement bugs.