Date:      Wed, 10 Oct 2001 14:35:20 +0100
From:      Paul Robinson <paul@akita.co.uk>
To:        Lowell Gilbert <lowell@be-well.ilk.org>
Cc:        GB Clark II <gclarkii@vsservices.com>, freebsd-chat@FreeBSD.ORG
Subject:   Code 'auditing' (was Re: code density vs readability)
Message-ID:  <20011010143520.A68224@jake.akitanet.co.uk>
In-Reply-To: <448zejljtz.fsf@lowellg.ne.mediaone.net>; from lowell@be-well.ilk.org on Wed, Oct 10, 2001 at 09:12:56AM -0400
References:  <9ptk3o$14kg$1@FreeBSD.csie.NCTU.edu.tw> <44d73xt0y9.fsf@lowellg.ne.mediaone.net> <0110090955220A.07185@prime.vsservices.com> <448zejljtz.fsf@lowellg.ne.mediaone.net>

On Oct 10, Lowell Gilbert <lowell@be-well.ilk.org> wrote:

> > There was at one time a hole in emacs that would let you write system files.  
> > This was about 8 or 9 years ago I believe.
> 
> Impossible.  emacs runs with user privileges, so no hole in it could
> have any effect like this.

It's improbable, not impossible. Nothing is impossible when it comes to
security. Just very unlikely. As for emacs running with user privileges,
well... we were originally talking about running emacs as root. Go figure.
 
> The original concern, about whether emacs could have malicious code
> shipped with it, is more realistic.  I think it's not worth worrying
> about, because there really are more eyes on the code, on a more
> regular basis, than the original poster realized.

Ahhh - the 'more eyes are a good thing' argument - one of my favourite
arguments about security of open source code. You see, the problem is, it's
not actually relevant.

The majority of people out there are, quite simply, not very good at writing
code. Most of us are actually pretty terrible at maintaining other people's
code. The chances of you finding a hole in somebody else's code are, well,
quite slim really. I can look at code, and I can see something that *might*
be a problem. I can then spend hours and hours tracing it back to find where
some user-defined data could actually tickle that problem in such a way as
to make it something worth reporting. However, I rarely do this with others'
code, and I bet not many others do it either.

It's like the argument that PGP must be secure because it's open source and
anybody could see any backdoors in there. Firstly, hands up everybody here
who really understands crypto that well to know whether a mathematical
algorithm has been implemented in such a way that there are no flaws.
Secondly, how many of you have read the source code in its entirety to the
version of PGP you are running and checked that there are no backdoors? So,
finally, we're left with the rest of you who don't know crypto that well,
and/or who haven't checked the PGP source for backdoors. To you (the
majority of you I suspect), I ask - how do you know the PGP development team
aren't lying to you? Did you go to school with them so you trust them?

It's not just PGP either - every piece of software you run, you assume to be
security hole free because with your argument 'there are enough eyes looking
at it for me' - not a very security conscious stance.
