Date: 10 Oct 2001 12:02:08 -0400 From: Lowell Gilbert <lowell@world.std.com> To: freebsd-chat@FreeBSD.ORG Subject: Re: Code 'auditing' (was Re: code density vs readability) Message-ID: <44adyzeb5r.fsf@lowellg.ne.mediaone.net> In-Reply-To: Paul Robinson's message of "Wed, 10 Oct 2001 14:35:20 %2B0100" References: <9ptk3o$14kg$1@FreeBSD.csie.NCTU.edu.tw> <44d73xt0y9.fsf@lowellg.ne.mediaone.net> <0110090955220A.07185@prime.vsservices.com> <448zejljtz.fsf@lowellg.ne.mediaone.net> <20011010143520.A68224@jake.akitanet.co.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
Paul Robinson <paul@akita.co.uk> writes: > On Oct 10, Lowell Gilbert <lowell@be-well.ilk.org> wrote: > > > > There was at one time a hole in emacs that would let you write system files. > > > This was about 8 or 9 years ago I belive. > > > > Impossible. emacs runs with user privileges, so no hole in it could > > have any effect like this. > > It's improbable, not impossible. Nothing is impossible when it comes to > security. Just very unlikely. As for emacs running with user privileges, > well... we were originally talking about running emacs as root. Go figure. It may not be impossible that you could have a security problem where emacs would let you write files you shouldn't be able to, but that would be a security hole in the operating system, not in emacs. And, yes, we *were* originally talking about running emacs as root, and I addressed that point separately, but in my personal opinion, it is not a bug for emacs to allow the editing of system files if the user running emacs is, in fact, root. Call me funny that way. > > The original concern, about whether emacs could have malicious code > > shipped with it, is more realistic. I think it's not worth worrying > > about, because there really are more eyes on the code, on a more > > regular basis, than the original poster realized. > > Ahhh - the 'more eyes are a good thing argument' - one of my favourite > arguments about security of open source code. You see, the problem is, it's > not actually relevant. I had specific pairs of eyes in mind. Some of them could be considered to be conducting formal audits. I do, however, agree with your point that sheer numbers of eyes are not especially helpful. The original poster made a related, but slightly different point, which is that the number of people who *really* tried to look at some pieces of the emacs code may be quite small anyway. > It's not just PGP either - every piece of software you run, you assume to be > security hole free because with your argument 'there are enough eyes looking > at it for me' - not a very security concious stance. Source to which I have access is better than source I don't, for a variety of reasons, of which "number of eyes" is a real, but not very important one. All other aspects that contribute to security are orthogonal to whether the source is open or not, and my best evidence is that much open software today actually does fairly well on such things. - Lowell To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-chat" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?44adyzeb5r.fsf>