The Java/jvm platform being widely deployed all over the world, from company servers to personal computers, and with recent revelations about the NSA approaching Linus to backdoor the linux kernel, I kept thinking the jvm is a natural target for the NSA.<p>What are the chances of this "backdooring operation" being successful?
If you take Java bytecode to be the attack surface, it is probably less likely than that a complex, microcode-based CPU instruction set contains a back door because it is hard to smuggle a multi-instruction side effect into an open source bytecode interpreter. Other attacks like an undocumented jni call are also difficult to conceal. That leaves things like network libraries, and most of those are an interface to protocols, leaving not much room for shenanigans, IF the source is available and build-able.
Depends on whether you're talking about an OpenJDK you compiled yourself, or an official binary distribution.<p>The latter would be much easier for someone to backdoor.