|
|
|
|
|
|
by cycomanic
2229 days ago
|
|
|
Actually if you read the grsecurity blog it is much more nuanced then the linked story (and would have been a much better source to link to IMO). In particular they do not insinuate a backdoor. In fact their post is pretty consistent in that they criticize the quality (or lack thereof) and limited understanding of security, which they have done for many others as well. This seems to really be a story blown out of proportion based on the current political climate. I don't believe a similar vulnerability in a patch from cisco, Intel, Google or any of the others (and they had patches which were similarly criticized by grsecurity) would have received a backdoor label in the headlines. That is not to say that we should not strongly scrutinise patches from Huawei. |
|
|
But reading the Grsecurity blog, it becomes even clearer that this is far from production code and would be very far from passing any kind of QC for production code.