msplsh:
This looks like an implant that opens a backdoor, not an intrinsic backdoor built into the OS.
and:
sko:
From el reg: To us it seems whoever created the code would compromise or infect a selected Linux system and then install the backdoor on it.
So if someone already gained privileges to install anything on one of your machines, it doesn’t matter what it is - this host is compromised and has to be nuked from orbit.
So, unless I’m missing something this is not really about “the Linux kernel devs being compromised by NSA” as much as the endless list of Windows-targetting malware is not about “the NT kernel devs being compromised by NSA”.
If this is the case, this still wouldn’t exclude a NSA compromise though.
There is the ban of Russian contributions.
You can say this is all about politics and the war, but then those politics are clearly aligned with US agencied interests.
American contributions are still allowed despite the US being just as much as if not more of a threat to security and privacy. Just like they’re just as war mongering.
I don’t know the details of that part directly, but I do remember reading things like this which seemed to indicate delisting of some maintainers (positions of responsibility, as opposed to blocking all developer contributions) who were associated with certain sanctioned Russian companies. This seems to be in line with standard sanctions being imposed by many companies & organisations in various countries (not just USA). Regardless of personal opinions about whether that was “right, wrong, or otherwise” at the time it at least seems a far cry from “an NSA compromise”.
What is this backdoor you speak of?
Bvp47
Having not heard of this one, I was curious so checked some sites about it, like:
https://www.reddit.com/r/linux4noobs/comments/kd0yml/does_the_nsa_have_a_backdoor_to_linux_this/
https://www.theregister.com/2022/02/23/chinese_nsa_linux/
https://www.bleepingcomputer.com/news/security/nsa-linked-bvp47-linux-backdoor-widely-undetected-for-10-years/
My quick impression from those seems to match what was said by some commenters on the FreeBSD forum - https://forums.freebsd.org/threads/nsa-linked-bvp47-linux-backdoor-widely-undetected-for-10-years.84258/
and:
So, unless I’m missing something this is not really about “the Linux kernel devs being compromised by NSA” as much as the endless list of Windows-targetting malware is not about “the NT kernel devs being compromised by NSA”.
If this is the case, this still wouldn’t exclude a NSA compromise though. There is the ban of Russian contributions.
You can say this is all about politics and the war, but then those politics are clearly aligned with US agencied interests. American contributions are still allowed despite the US being just as much as if not more of a threat to security and privacy. Just like they’re just as war mongering.
I don’t know the details of that part directly, but I do remember reading things like this which seemed to indicate delisting of some maintainers (positions of responsibility, as opposed to blocking all developer contributions) who were associated with certain sanctioned Russian companies. This seems to be in line with standard sanctions being imposed by many companies & organisations in various countries (not just USA). Regardless of personal opinions about whether that was “right, wrong, or otherwise” at the time it at least seems a far cry from “an NSA compromise”.