Date:      10 Oct 2001 12:02:08 -0400
From:      Lowell Gilbert <lowell@world.std.com>
To:        freebsd-chat@FreeBSD.ORG
Subject:   Re: Code 'auditing' (was Re: code density vs readability)
Message-ID:  <44adyzeb5r.fsf@lowellg.ne.mediaone.net>
In-Reply-To: Paul Robinson's message of "Wed, 10 Oct 2001 14:35:20 +0100"
References:  <9ptk3o$14kg$1@FreeBSD.csie.NCTU.edu.tw> <44d73xt0y9.fsf@lowellg.ne.mediaone.net> <0110090955220A.07185@prime.vsservices.com> <448zejljtz.fsf@lowellg.ne.mediaone.net> <20011010143520.A68224@jake.akitanet.co.uk>

Paul Robinson <paul@akita.co.uk> writes:

> On Oct 10, Lowell Gilbert <lowell@be-well.ilk.org> wrote:
> 
> > > There was at one time a hole in emacs that would let you write system files.  
> > > This was about 8 or 9 years ago I believe.
> > 
> > Impossible.  emacs runs with user privileges, so no hole in it could
> > have any effect like this.
> 
> It's improbable, not impossible. Nothing is impossible when it comes to
> security. Just very unlikely. As for emacs running with user privileges,
> well... we were originally talking about running emacs as root. Go figure.

It may not be impossible that you could have a security problem where
emacs would let you write files you shouldn't be able to, but that would
be a security hole in the operating system, not in emacs.

And, yes, we *were* originally talking about running emacs as root, and I
addressed that point separately, but in my personal opinion, it is not a
bug for emacs to allow the editing of system files if the user running
emacs is, in fact, root.  Call me funny that way.

> > The original concern, about whether emacs could have malicious code
> > shipped with it, is more realistic.  I think it's not worth worrying
> > about, because there really are more eyes on the code, on a more
> > regular basis, than the original poster realized.
> 
> Ahhh - the 'more eyes are a good thing argument' - one of my favourite
> arguments about security of open source code. You see, the problem is, it's
> not actually relevant.

I had specific pairs of eyes in mind.  Some of them could be considered
to be conducting formal audits.  I do, however, agree with your point
that sheer numbers of eyes are not especially helpful.  The original
poster made a related, but slightly different point, which is that the
number of people who *really* tried to look at some pieces of the emacs
code may be quite small anyway.

> It's not just PGP either - every piece of software you run, you assume to be
> security hole free because with your argument 'there are enough eyes looking
> at it for me' - not a very security conscious stance.

Source to which I have access is better than source I don't, for a
variety of reasons, of which "number of eyes" is a real, but not very
important one.  All other aspects that contribute to security are
orthogonal to whether the source is open or not, and my best evidence is
that much open software today actually does fairly well on such things.

 - Lowell
