• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: backdoors
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: backdoors

  • Subject: Re: backdoors
  • From: Jean-Daniel Dupas <email@hidden>
  • Date: Wed, 5 Jan 2011 11:06:46 +0100
Le 5 janv. 2011 à 05:13, Jason Coco a écrit :

> The xnu kernel is written in C with little bits of C++ here and there (like the open bits of IO kit). You shouldn't have to worry about any ObjC code. re: the EFI, I think you definition of 'kernel' may be a bit skewed. Also, back doors tend to be things written in the higher-level software that make up an OS, and not in the kernel (like a master-password that the login app always responds to, etc.). Or possibly things like crypto libraries that always embed a second copy of the key in the key-bag which can be decrypted by a private key that the government has, etc.
>
> You can narrow the scope of your search by focusing on any utility that needs be run as uid 0 and the standard crypto libraries (although with Darwin that's OpenSSH which is quite well peer-reviewed).

Darwin uses its own implementation of CDSA for security, not OpenSSH (even if it reuse some OpenSSH code for cryptographic algorithm implementation).
The Security Framework does not even link to libcrypto and libssl. So checking crytpo library will require more work than just checking OpenSSh code.

> On Jan 4, 2011, at 23:00 , Esteban Vincenzi wrote:
>
>> hi all,
>> do the Darwin kernel has backdoors to any  "spy network"? specially interested in backdoors to any .gov's.

Yes, you can get all technicals and practicals information by searching for backdoor in the Mac OS X Help Manual…

>> not on the mood of solo'ing an audit of ObjC code; specially that there are no decent (or accessible, or known) ObjC references.
>>
>> if there's EFi, enSUI doesn't require a (traditional) kernel.

-- Jean-Daniel




 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-dev mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden
References: 
 >backdoors (From: Esteban Vincenzi <email@hidden>)
 >Re: backdoors (From: Jason Coco <email@hidden>)

  • Prev by Date: Re: backdoors
  • Next by Date: backdoors
  • Previous by thread: Re: backdoors
  • Next by thread: Re: backdoors
  • Index(es):
    • Date
    • Thread