this post was submitted on 07 Apr 2024
239 points (95.8% liked)

Linux

48031 readers
1225 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS
 

I have been thinking about self-hosting my personal photos on my linux server. After the recent backdoor was detected I'm more hesitant to do so especially because i'm no security expert and don't have the time and knowledge to audit my server. All I've done so far is disabling password logins and changing the ssh port. I'm wondering if there are more backdoors and if new ones are made I can't respond in time. Appreciate your thoughts on this for an ordinary user.

you are viewing a single comment's thread
view the rest of the comments
[–] VinesNFluff@pawb.social 47 points 7 months ago (1 children)

Cheeky answer:

Actual answer:
Theoretically anyway, open source software's guarantee of "no backdoor" is that the code is auditable, and you could study it and know if it has any holes and where. Of course, that presumes that you have the knowledge AND time to actually go and study thousands of lines of code. Unrealistic.
Slightly less guaranteed but still good enough to calm my mind, is the idea that there is a whole-ass community of people who do know their shit and who are constantly checking this.

Do note that like. Closed source software is known to be backdoored, only, the backdoors are mostly meant for either the owners of the software (check the fine print folks) or worse, the governments.

The biggest thing that you should note is that: It is unlikely that you (or I or most of the people here) are interesting enough that anyone will actually exploit those vulnerabilities to personally fuck you over. Your photos aren't interesting enough except as part of a mass database (which is why Google/Facebook want them). Same for your personal work data and shit.

Unless those backdoors could be used to turn your machine into a zombie for some money-making scheme (crypto or whatever) OR you're connected to people in power OR you personally piss off someone who is a hacker -- it is very unlikely you'll get screwed over due to those vulnerabilities :P

[–] bigmclargehuge@lemmy.world 19 points 7 months ago (1 children)

Just a point to add: this backdoor was (likely) planned years in advance; it took ONE guy a couple weeks (after the malicious code was released) to find it because he had nothing else going on that evening.

I'm relatively confident that the FOSS community has enough of that type of person that if there are more incidents like this one, there's a decent chance it'll be found quickly, especially now that this has happened and gotten so much attention.

[–] Tlaloc_Temporal@lemmy.ca 2 points 7 months ago

Even better: there are also backdoors in closed-source software that will never be found. There may be fewer backdoors inserted, but the ones that get in there are far more likely to stay undiscovered.