On 2019-06-03, Josef Pospisil <j_pospi...@outlook.com> wrote:
> Hey, thank you all for this mailing list.
>
> I have a question regarding the security of OpenBSD.

You can't really trust an answer to this question. What if somebody put in a backdoor but they're the person who answers saying everything's fine?

> I am assuming that Linux has some mathematics and logic that lets you
> get into every system just for e.g. because of portknocking!
> That opens an Interface for people that know the system to do
> everything! I also think that Linux is not being verified regarding
> these paid programmer backholes.
>
> Can someone be that kind and explain to me if the whole code of OpenBSD
> was checked at least once since the OpenBSD was founded? That there are
> no backholes like I was describing?

OpenBSD's own code generally gets a fair bit of review (and, importantly, tries to avoid practices which are considered unsafe). One can't say the same about all 3rd party code in the OS (including the compiler toolchain) though obviously we try to avoid junk software.

The existence of bugs like "Heartbleed" shows that code review doesn't always find things in time anyway. Was it a backdoor or "just a bug"? Who can tell? And on another level there are various CPU bugs like the Intel ones that have been discovered over the last couple of years. It all comes down to "who do you trust?"

Also see Ken Thompson's classic paper, "Reflections on Trusting Trust", especially the moral.