PDA

View Full Version : Unix Backdoor: Are Our Mac safe with Unix?




Jordan72
Dec 11, 2005, 11:07 AM
I checked out this Unix link.

http://catb.org/~esr/jargon/html/U/Unix-conspiracy.html

Does anyone "know" if there is a backdoor? I don't think it matters if it's labeled a conspiracy, because conspiracy theories are only labeled conspiracy by people who neither know if a theory is true or not. These people can't prove the theory to be true, but this doesn't prove the theory not to be true, thus they find themselves floundering in the realm of conspiracy. To prove a theory not true, you have to show why it would be impossible for the theory to be true, which would mean proving no back door could physically exist. Does anyone know how to prove Unix is not possible to have a backdoor or can anyone prove Unix does have a backdoor?


I'm sure Microsoft and Apple would both create a backdoor atleast by covert government mandate, but how could we know for sure either way? That would require the logic above, prove a backdoor impossible or prove there is one.

Now that I've set the subject matter at hand, here is my main question: what is the basic description of an OS design that logically ensures the highest amount of security? We are dealing with physical laws here, which are finite, so there is a solid logical answer.

I'm looking for people to throw ideas for discussion here, as well as intelligently critique others ideas.

Here's my whack at it: Create an open source, simplistic Protect OS that you can sit Unix and other systems on top of. All protected files would be on the partition of the Protect OS without a backdoor. Now I'm sure the processor still could recieve commands in any case to read a "protected partition", but this is where encrytion and a physical start up disk should guard pretty well against that. As well as a buffer zeroing function for added security. Let me know your ideas and your critiques.



greatdevourer
Dec 11, 2005, 11:26 AM
UNIX may well have a backdoor, but when you take into the fact that the only UNIX Apple have ever released was for 68ks, I'd say we're safe

robbieduncan
Dec 11, 2005, 11:31 AM
UNIX may well have a backdoor, but when you take into the fact that the only UNIX Apple have ever released was for 68ks, I'd say we're safe

WTF? OSX is a Unix. Even Apple think so (http://www.apple.com/macosx/overview/advancedtechnology.html). That said this really not a worry. OSX is based on a free BSD base. All the source is available to be examined. An backdoor would be obvious.

greatdevourer
Dec 11, 2005, 12:03 PM
WTF? OSX is a Unix. Even Apple think so (http://www.apple.com/macosx/overview/advancedtechnology.html). That said this really not a worry. OSX is based on a free BSD base. All the source is available to be examined. An backdoor would be obvious. No, not UNIX. Darwin is not UNIX. Linux is not UNIX. BSD is not UNIX. Solaris is not UNIX. They are *NIXs - UNIX clones

savar
Dec 11, 2005, 12:39 PM
No, not UNIX. Darwin is not UNIX. Linux is not UNIX. BSD is not UNIX. Solaris is not UNIX. They are *NIXs - UNIX clones

Technically that's true, but it doesn't stop Apple from calling themselves the #1 distributor of Unix.

Back to the original question: I've not looked at the source code for Mach, BSD, or Darwin, but since its all open and available I'd be shocked if somebody slipped a back door in there and nobody ever noticed.

Either way, I don't intend to break any major laws, so if the government spies on me and I'm none the wiser what's the big deal?

Edit: Oops, I re-read the first post and saw what the actual question was:

Now that I've set the subject matter at hand, here is my main question: what is the basic description of an OS design that logically ensures the highest amount of security? We are dealing with physical laws here, which are finite, so there is a solid logical answer.

The highest amount of security is to unplug the computer and lock it in safe. Underground. With motion sensors. And armed guards. Even then its still accessible. You could destroy the drive platters, but somebody could reassemble them given enough time.

For practical security, there is one important variable: who has direct access to the computer? If you can sit down in front of a computer for a few minutes while nobody is watching, there isn't much you can't do. Any OS X passwords can be undone by booting from the install CD. Easier yet, hook the target computer up to a laptop using target disk mode, and skip the password altogether. You can encrypt your files, but somebody can just brute force them later. (Although the excessive time it takes to do so is a good disincentive.)

Remote security is much more realistic. Run a firewall which blocks all ports which aren't explicitly needed. Add a NAT router to confuse things even more. Any services which are running, make sure they are written to enforce system-wide security standards. Buffer overflows can be prevented by running on hardware which prevents stack smashing. (I think Intel is headed in that direction.) Honestly, I feel pretty good about my remote security right now.

Jordan72
Dec 11, 2005, 01:13 PM
Either way, I don't intend to break any major laws, so if the government spies on me and I'm none the wiser what's the big deal?

Good point. But, maybe you are working on a proprietary project and you need to access the Internet. You're not breaking the law, but a backdoor means others can force access to your project, which is breaking the law.

bousozoku
Dec 11, 2005, 02:15 PM
No, not UNIX. Darwin is not UNIX. Linux is not UNIX. BSD is not UNIX. Solaris is not UNIX. They are *NIXs - UNIX clones

Then, you'd better tell IBM, HP, Sun, and others not to pay their UNIX licensing fees.

Even AT&T UNIX is different from itself, depending on era. BSD is based on version 7 UNIX, but is AT&T code free, hence, FreeBSD.

The various commercial UNIXes were supported by AT&T as part of a consortium to bring strength to the UNIX market. If Solaris and Irix were good enough for AT&T, shouldn't they be good enough for you?

On the original topic, considering that everything is out in the open, any backdoor would have been exploited by now. In the 1970s, there were several minor exploits using backdoors which never really made it to the news because computer crime wasn't a hot topic.

However, for those picking up Mac OS X and its betas from P2P, they take a huge risk of having a backdoor added to their systems.

greatdevourer
Dec 11, 2005, 02:29 PM
Then, you'd better tell IBM, HP, Sun, and others not to pay their UNIX licensing fees They do have the UNIX kernel, as does A/UX et al. However, the OSS "UNIXs" do not

bousozoku
Dec 11, 2005, 03:14 PM
They do have the UNIX kernel, as does A/UX et al. However, the OSS "UNIXs" do not

Since IBM made some BSD-style modifications to the kernel for information collection, does it still have a UNIX kernel?