[Dshield] SuSe Backdoors?

Johannes B. Ullrich jullrich at sans.org
Tue Mar 2 03:20:18 GMT 2004


> I've heard rumors that SuSe has built-in backdoors,

Heard from whom? The MSFT salesguy ;-)...

I don't know of any backdoor in SuSe or any other Linux
distribution. While it is of course possible (I haven't
reviewed the code), it is unlikely, given that the source
code is open. 

SuSe comes precompiled for various platforms. So unlike source 
based distros (gentoo, debian), you will have to do some extra
work to make sure that nothing changed in the process of 
compilation. However, the exact source code used to build SuSe
is available for review (and to rebuild it to make sure that
the binaries you got are actually based on just this source code).

Ok. this has OS trashing potential. But anybody here remember
the Microsoft 'nsa-key' fiasco ;-).




-- 
CTO SANS Internet Storm Center               http://isc.sans.org
phone: (617) 837 2807                          jullrich at sans.org 

contact details: http://johannes.homepc.org/contact.htm
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://www.dshield.org/pipermail/list/attachments/20040301/d963b2f8/attachment.bin


More information about the list mailing list