Does 5.10 is secure?

igadoter · 03-09-2021, 07:57 AM

I just found how many commits made Huawei into kernel source. This article makes me laugh https://news.itsfoss.com/huawei-kernel-contribution/ here I read

Quote:

Of course, this is a good reputation for the employers and also says a lot about the companies putting strong effort for Linux Kernel development, which is always a good thing.

but several paragraphs later

Quote:

Due to its close ties with the Chinese Communist Party (CCP), suspicious activities and espionage accusations, Huawei has turned pariah in the tech world today.

I am just paranoic about 5.10 kernel and it seems I try to justify my paranoia. Nonetheless it is good to know. Next step will be to allow commits from CIA, NSA, all kind of Russian secret services

Jan K. · 03-09-2021, 08:20 AM

So... you're saying "bad things" have been placed inside kernel? Like... what?

Something the maintainers let pass?

Any chinese company is owned by chinese government.

hazel · 03-09-2021, 08:20 AM

I wouldn't trust Huawei further than I could throw them. But given the way that code is scrutinised and chewed over by the kernel hackers, I doubt if they could smuggle in any really bad stuff.

jsbjsb001 · 03-09-2021, 08:22 AM

Well, it's not as if it's hard to find what Huawei has "contributed" to the kernel, and it's not like Windows where the average joe can't see what's there and who's "contributed it".

https://git.kernel.org/pub/scm/linux...=200&showmsg=1

It's also not a good idea to be on the bad side of the CCP if you're a Chinese company, even if you're a billionaire. Ask Jack Ma, oh that's right, where is he?

DavidMcCann · 03-09-2021, 11:58 AM

And you notice that all the contributions made by Huawei seem to have been checked by a member of the kernel team. Personally, I'd trust Huawei over Google and Oracle any day.

wpeckham · 03-09-2021, 01:16 PM

If, however, you are really worried you might look into using the BSD kernel and THAT security.

rkelsen · 03-12-2021, 03:20 AM

Quote:

Originally Posted by igadoter

I am just paranoic about 5.10 kernel and it seems I try to justify my paranoia. Nonetheless it is good to know. Next step will be to allow commits from CIA, NSA, all kind of Russian secret services

Your fears are unfounded. You have access to the source code. You can chop out the parts you don't want, or simply leave them out of your kernel.

pan64 · 03-12-2021, 07:53 AM

Quote:

Originally Posted by DavidMcCann

Personally, I'd trust Huawei over Google and Oracle any day.

hm. I'm not really sure about that.

igadoter · 03-12-2021, 08:32 AM

I was thinking little. Huawei also manufactures devices. I think that combination kernel on Huawei device can be compromised. Smartfone - on top is Android in the middle Linux kernel + patches needed device to work. All equipment provided for 5g network. Point here is that people trust Linux. So if device runs Linux - it can be trusted. And it can be very difficult to find connections between device provider and Huawei.

hazel · 03-12-2021, 08:36 AM

Well, that's the firmware, isn't it! It's an old grouse and not only on phones. Computers nowadays come with so many "engines" that the users have no control over whatever. The Linux kernel sits on top of all that and who knows if it is being given correct information, or if its instructions to the hardware are actually executed as intended?