From owner-freebsd-chat Wed Oct 10 7:58:27 2001 Delivered-To: freebsd-chat@freebsd.org Received: from guru.mired.org (okc-65-31-203-60.mmcable.com [65.31.203.60]) by hub.freebsd.org (Postfix) with SMTP id 0814337B408 for ; Wed, 10 Oct 2001 07:58:17 -0700 (PDT) Received: (qmail 2345 invoked by uid 100); 10 Oct 2001 14:51:30 -0000 From: Mike Meyer MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <15300.24690.349262.482484@guru.mired.org> Date: Wed, 10 Oct 2001 09:51:30 -0500 To: Paul Robinson Cc: Lowell Gilbert , GB Clark II , freebsd-chat@FreeBSD.ORG Subject: Re: Code 'auditing' (was Re: code density vs readability) In-Reply-To: <20011010143520.A68224@jake.akitanet.co.uk> References: <9ptk3o$14kg$1@FreeBSD.csie.NCTU.edu.tw> <44d73xt0y9.fsf@lowellg.ne.mediaone.net> <0110090955220A.07185@prime.vsservices.com> <448zejljtz.fsf@lowellg.ne.mediaone.net> <20011010143520.A68224@jake.akitanet.co.uk> X-Mailer: VM 6.90 under 21.1 (patch 14) "Cuyahoga Valley" XEmacs Lucid X-face: "5Mnwy%?j>IIV\)A=):rjWL~NB2aH[}Yq8Z=u~vJ`"(,&SiLvbbz2W`;h9L,Yg`+vb1>RG% *h+%X^n0EZd>TM8_IB;a8F?(Fb"lw'IgCoyM.[Lg#r\ Sender: owner-freebsd-chat@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Paul Robinson types: > On Oct 10, Lowell Gilbert wrote: > > The original concern, about whether emacs could have malicious code > > shipped with it, is more realistic. I think it's not worth worrying > > about, because there really are more eyes on the code, on a more > > regular basis, than the original poster realized. > Ahhh - the 'more eyes are a good thing argument' - one of my favourite > arguments about security of open source code. You see, the problem is, it's > not actually relevant. Depends on what level you're talking about. You're right that it won't prevent security bugs. On the other hand, it has already closed back doors. > It's like the argument that PGP must be secure because it's open source and > anybody could see any backdoors in there. Firstly, hands up everybody here > who really understands crypto that well to know whether a mathematical > algorithm has been implemnted in such a way that there are no flaws. Ok, my hand is up. The question you're asking isn't really a crypto question, though. I can't analyze an algorithm for cryptographic flaws - which is where the crypto knowledge comes in. Given an algorithm, I can verify that it's implemented correctly. I do know crypto well enough to find the algorithms I need to check. > Secondly, how many of you have read the source code in it's entirety to the > version of PGP you are running and checked that there are no backdoors? My hand is still up. > It's not just PGP either - every piece of software you run, you assume to be > security hole free because with your argument 'there are enough eyes looking > at it for me' - not a very security concious stance. No, I don't assume that. Anybody who does is foolish. Your argument about programmer quality is a good one. The claim isn't that many eyes leads to no, or even few, bugs. The claim is that many eyes lead to shallow bugs. On the other hand, people have planted backdoors in open source software, and have been caught doing it. If it had been commercial software, they probably wouldn't have been caught, as finding backdoors is much harder if you have to publish the source. That's what's really relevant - are you going to install a backdoor and then risk it being found by someone casually perusing the source? If there are no people casually perusing the source, that's not an issue. Of course, if part of what you're publishing is the build tool chain, it's possible to provide a backdoor that only appears in the binaries. Inserting it into a system distributed like FreeBSD would be an interesting problem, though. http://www.mired.org/home/mwm/ Q: How do you make the gods laugh? A: Tell them your plans. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-chat" in the body of the message