Old 03-05-2008, 06:37 PM
The Ghost In The Machine
Default Re: Does kernel 2.6 include an NSA backdoor?

In comp.os.linux.advocacy, Chris Mattern <syscjm@sumire.gwu.edu> wrote on Wed, 05 Mar 2008 16:30:30 -0000 <slrnfstil6.ga2.syscjm@sumire.gwu.edu>:
> On 2008-03-05, Roy Schestowitz <newsgroups@schestowitz.com> wrote:
>>
>> It might be more complicated than this. They are said to have back doors in
>> *standard protocols* (Linux included) [1,2,3,4] and these are hard to get by
>
> Linux is not a protocol, standard or otherwise.
>

Linux does have a protocol -- an implied one.
Communications with the Linux kernel are done using a
callgate/trap mechanism; the mechanisms vary between
processors but Linux is clearly creating a protocol, at
least at the call/return level. For example, to open a
file one has to go through the callgate with the parameters
of filename, open mode, and creation mode. (Most app
developers use higher levels which eventually go through
libc's open() call.)

Depending on the callgate mechanism, parameters are in
the registers or on the stack, and additional parameters
may be needed either in registers or on the stack; for
example, in Linux/x86 one has to pass a call identifier
(__NR_open, or the constant 5; these are defined in
/usr/src/linux/asm-i386/unistd.h and correlate with a
dispatch table deep in the kernel) in %EAX. The actual
callgate is INT 80H (or int $0x80 in gas syntax).

There are some issues in binary compatibility which I'd
have to look up but at one point Linux was able to run
old SCO Unix binaries.

Parts of this protocol have been standardized, at
the libc level; for example, POSIX.1-2001 specifies
what open() shall be required to do.

X also has a protocol; one big difference between Linux
and X is that X goes a little deeper, specifying the
actual packets. Since the Linux callgate doesn't bother
with packets to do the actual call, no one's gone to that
detail, although in the case of Linux one can specify
packets of variable size (because of pointers), if need be.

It is far from clear how one would infiltrate the Linux
protocol, though an alternate entrance is available,
namely network packet processing. At this point (AFAIK)
the only leveraging (FSVO) was to crash a running kernel
using the teardrop attack.

This Linux protocol can and has been leveraged; the most
obvious application was UML, which could be construed as
"a linux executable emulating a linux system running a
linux kernel". (QEMU and VmWare run at a lower level,
as I understand it. Note that UML also means "universal
modeling language", which can get a bit confusing.)

--
#191, ewill3@earthlink.net
Linux. Because it's there and it works.
Windows. It's there, but does it work?
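The call/return protocol the post describes (a call identifier selecting a dispatch-table entry, three parameters for open, the INT 80H call gate), as an added example that is not part of the original post. It assumes Linux with glibc; on i386 it takes the post's literal int $0x80 route, elsewhere it uses the syscall(2) wrapper, and it then checks that the raw entrance and the POSIX open() layer reach the same kernel path.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Added example, not from the post: enter the kernel call gate directly. The
 * call identifier picks the dispatch-table entry; the three parameters are
 * filename, open mode (flags) and creation mode. Returns fd or -errno. */
long raw_open(const char *path, int flags, mode_t mode) {
#if defined(__i386__)
    /* The post's literal mechanism: __NR_open (5) in %eax, arguments in
     * %ebx/%ecx/%edx, then INT 80H; the kernel returns fd or -errno in %eax. */
    long ret;
    __asm__ volatile ("int $0x80" : "=a"(ret)
                      : "0"(__NR_open), "b"(path), "c"(flags), "d"(mode)
                      : "memory");
    return ret;
#elif defined(SYS_open)
    /* Elsewhere libc's syscall(2) loads the registers; the identifier is
     * whatever this build's sys/syscall.h assigns to open (2 on x86-64). */
    long fd = syscall(SYS_open, path, flags, mode);
    return fd < 0 ? -errno : fd;
#else
    /* Newer ports (e.g. aarch64) never had a plain open slot; openat is it. */
    long fd = syscall(SYS_openat, AT_FDCWD, path, flags, mode);
    return fd < 0 ? -errno : fd;
#endif
}

/* Same request through the standardized layer (POSIX.1-2001 open()). */
long libc_open(const char *path, int flags, mode_t mode) {
    int fd = open(path, flags, mode); return fd < 0 ? -errno : fd;
}

/* Both entrances hit the same kernel path: a byte written via libc is read
 * back via the raw call. Constructed temp path; returns 1 on success. */
int same_kernel_path(void) {
    const char *tmp = "/tmp/callgate_demo_constructed.txt"; char c = 0;
    long w = libc_open(tmp, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (w < 0) return 0;
    (void)!write((int)w, "k", 1);
    close((int)w);
    long r = raw_open(tmp, O_RDONLY, 0);
    if (r < 0) return 0;
    ssize_t n = read((int)r, &c, 1);
    close((int)r);
    unlink(tmp);
    return n == 1 && c == 'k';
}
```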
