Date:      Wed, 9 Jul 2008 14:54:05 -0400
From:      Wesley Shields <wxs@FreeBSD.org>
To:        Chris Palmer <chris@noncombatant.org>
Cc:        freebsd-security@freebsd.org
Subject:   Re: BIND update?
Message-ID:  <20080709185405.GJ92109@atarininja.org>
In-Reply-To: <20080709183325.GE55473@noncombatant.org>
References:  <17cd1fbe0807090819o2aa28250h13c58dbe262abb7c@mail.gmail.com> <3a558cb8f79e923db0c6945830834ba2.squirrel@galain.elvandar.org> <17cd1fbe0807090909i566e1789s6b7b61bf82dd333e@mail.gmail.com> <4874ECDA.60202@elvandar.org> <4874F149.1040101@FreeBSD.org> <17cd1fbe0807091027n6af312cbwab3d3277f2b5e081@mail.gmail.com> <20080709181515.GG92109@atarininja.org> <20080709183325.GE55473@noncombatant.org>

On Wed, Jul 09, 2008 at 11:33:25AM -0700, Chris Palmer wrote:
> Wesley Shields writes:
> 
> > In the security world there is a balance which must be maintained between
> > providing information to consumers so that they may plan accordingly, and
> > not providing too much information so that the attackers can write
> > exploits; this is the sensitive nature of the information which often
> > leads to opaque processes by security teams around the world.
> 
> http://en.wikipedia.org/wiki/Kerckhoffs'_principle
> 
> Malware authors create exploits based on information they gleaned by reverse
> engineering the binary patches released by Microsoft. They are able to get
> these exploits into the wild before everyone has even had a chance to apply
> the patches, even though the patching is (semi-)automated.

I'm well aware of that, as I have many friends who do this for a living
(legitimate businesses).  I'm also not sure how this applies since the
project is open source - the fix is published at the time of the patch,
so there's no reverse engineering to do.  If anything this illustrates
that patches should be applied in a timely manner in an open source
project, since the window you are describing is effectively zero.

> Not only is there no security through obscurity, there isn't even any
> obscurity. :)

The point is to not give hints about where in the code the problem lies
while at least being able to give the consumers of FreeBSD a chance to
plan around any potential bugs.  Given the sensitive nature of the
issue, and the fact that some things are under NDA, I'm not entirely
sure it is a good idea.  I'd like to see a more transparent process
without causing any harm to it, but I'm not sure how to do that right
now.

Despite me wanting to see this happen I think these issues are too big
to overcome without more thought.  I'm considering this issue closed for
now.

-- WXS



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20080709185405.GJ92109>