From owner-freebsd-chat Wed Oct 10 6:35:23 2001
Date: Wed, 10 Oct 2001 14:35:20 +0100
From: Paul Robinson
To: Lowell Gilbert
Cc: GB Clark II, freebsd-chat@FreeBSD.ORG
Subject: Code 'auditing' (was Re: code density vs readability)
Message-ID: <20011010143520.A68224@jake.akitanet.co.uk>
References: <9ptk3o$14kg$1@FreeBSD.csie.NCTU.edu.tw> <44d73xt0y9.fsf@lowellg.ne.mediaone.net> <0110090955220A.07185@prime.vsservices.com> <448zejljtz.fsf@lowellg.ne.mediaone.net>
In-Reply-To: <448zejljtz.fsf@lowellg.ne.mediaone.net>; from lowell@be-well.ilk.org on Wed, Oct 10, 2001 at 09:12:56AM -0400

On Oct 10, Lowell Gilbert wrote:

> > There was at one time a hole in emacs that would let you write system files.
> > This was about 8 or 9 years ago I believe.
>
> Impossible. emacs runs with user privileges, so no hole in it could
> have any effect like this.

It's improbable, not impossible. Nothing is impossible when it comes to security. Just very unlikely. As for emacs running with user privileges, well... we were originally talking about running emacs as root. Go figure.

> The original concern, about whether emacs could have malicious code
> shipped with it, is more realistic. I think it's not worth worrying
> about, because there really are more eyes on the code, on a more
> regular basis, than the original poster realized.

Ahhh - the 'more eyes are a good thing argument' - one of my favourite arguments about security of open source code. You see, the problem is, it's not actually relevant.

The majority of people out there are, quite simply, not very good at writing code. Most of us are actually pretty terrible at maintaining other people's code. The chances of you finding a hole in somebody else's code are, well, quite slim really. I can look at code, and I can see something that *might* be a problem. I can then spend hours and hours tracing it back to find where some user-defined data could actually tickle that problem in such a way as to make it something worth reporting. However, I rarely do this with others' code, and I bet not many others do it either.

It's like the argument that PGP must be secure because it's open source and anybody could see any backdoors in there. Firstly, hands up everybody here who really understands crypto that well to know whether a mathematical algorithm has been implemented in such a way that there are no flaws. Secondly, how many of you have read the source code in its entirety to the version of PGP you are running and checked that there are no backdoors?

So, finally, we're left with the rest of you who don't know crypto that well, and/or who haven't checked the PGP source for backdoors. To you (the majority of you I suspect), I ask - how do you know the PGP development team aren't lying to you? Did you go to school with them so you trust them?

It's not just PGP either - every piece of software you run, you assume to be security hole free because with your argument 'there are enough eyes looking at it for me' - not a very security conscious stance.