
Quoting Toby Corkindale (toby@dryft.net):

> Or the Debian maintainers could just "inadvertently" introduce the code
> themselves and no-one would notice for two years.
> http://article.gmane.org/gmane.linux.debian.security.announce/1614

I'll cite my prior mailing list posts from elsewhere, to save time.
(Please pardon the mild scatological reference.)

Date: Tue, 10 Sep 2013 18:02:14 -0700
From: Rick Moen <rick@linuxmafia.com>
To: pigdog@lists.pigdog.org
Subject: Re: [Pigdog] spock attack on civilization
Organization: If you lived here, you'd be $HOME already.
X-Mas: Bah humbug.

Quoting Trevor Johnson (trevor@jpj.net):

> Rick Moen wrote:
>
> > Suborning corporate crypto was a pretty obvious step, I'd say.
>
> Let's not forget CVE-2008-0166, a backdoor in Debian/Ubuntu that
> remained undiscovered for 20 months. Fun slideware:
> https://trailofbits.files.wordpress.com/2008/07/hope-08-openssl.pdf

Kurt Roeckx's good-faith effort to fix OpenSSL RNG spaghetti code[1] was
not 'a trapdoor', but rather an unsuccessful effort to polish the turd
that is OpenSSL.

> I found this message interesting:
> http://www.mail-archive.com/freebsd-security@freebsd.org/msg04439.html

Well, yeah. That whole thread is spot-on.

[1] http://www.peereboom.us/assl/assl/html/openssl.html

Date: Tue, 10 Sep 2013 13:07:47 -0700
From: Rick Moen <rick@linuxmafia.com>
To: linux-elitists@zgp.org
Subject: Re: [linux-elitists] Surveillance
Organization: If you lived here, you'd be $HOME already.
X-Mas: Bah humbug.

Quoting Eugen Leitl (eugen@leitl.org):

> Consider all the crypto-related fubars in Debian. So far I chalked that
> up to incompetence, but now I do wonder. It would be good to do some
> forensics on the checkins that caused the regressions, and identify
> the culprits.

In the case of the much-ballyhooed inadvertent sabotaging of the RNG in
the Debian/Ubuntu OpenSSL package[1], I think many commentators don't
sufficiently appreciate just how bad the spaghetti-code problem in
upstream OpenSSL is. Those who ascribe malice to Kurt Roeckx for his
good-faith effort to fix truly messed-up C code are being, IMO, a bit
idiotic and are missing the real problem entirely.

[1] http://lwn.net/Articles/282038/