4. [20 pts] What security risks must be considered when using an open source kernel such as linux?4. 

Any time you trust the public, there is a chance for something malicious that 
can be either added to the code you download or since linux is free, many people
have had an opportunity to comb through the source and find certain exploits or
bugs.  

In the second case, it is one of the draw backs to having open source.  Many 
people and amatuer programmers have full access to the code. Allowing them to
study both the strenghs and weaknesses in the kernel.  Once a weakness is found,
it makes very easy to write a simple exploit than be ran locally, or even worse
remotely, that will allow the user to gain root access to the system allowing 
them to added back doors to regain access easily and clean up the mess they made
in the system logs leaving the system vulnerable and unnoticed by the 
administrator.

The other kind is malicious code added to the kernel and distributed by a non 
official source.  newer linux users may not now who is "safe" to download kernel
updates from.  Thus allow thier system to be easily entered after the kernel is
installed.  Bad kernel code is not a  "typical" thing to look at when tracing a
break in.  The system logs may even look like a another daemon or application 
was the guilty.  Leaving the system administrator to believe fixing the problem 
with that application fixed his weakness, and ignoring the actualy problem.

Plus, many people, including myself, are not hard-core kernel/c hacks and may 
not even know what the proper code should even look like.  By scanning the code 
looking for the problem, it may jump right out for some, while other users will 
skimm right past it.