Date: Fri, 08 Feb 2002 16:56:37 -0700 From: "Charles Burns" <burnscharlesn@hotmail.com> To: anthony@freebie.atkielski.com, wenninger@cox-internet.com Cc: freebsd-questions@freebsd.org Subject: Re: Breaking permissions on Windows 2000 (Server Edition) Message-ID: <F8qwjGHIcrw7pUMMQkO0001c720@hotmail.com>
next in thread | raw e-mail | index | archive | help
> > No, but I trust the source code. > >How can you trust the source code, but not the people who wrote it? I don't see the two as being related. I'm sure that the major FreeBSD programmers are great people, but what does ones personal trustworthiness have to do with the trustworthiness of their products? Their code? I may not know/trust the baker at Jack's Bagel Bistro in Santa Barbara, CA--but that doesn't mean that I can't trust the bagels--especially if I can see the ingredients and make sure there are no bugs in the flower and whatnot (which I can't do at the bagel place, but can do withopen source) Cheesy example, I know. :-) > > Trust, but verify. > >Verification is not a practical goal when millions of lines of code are >involved. One needn't verify the entire thing. I can be reasonably sure that the IDE driver isn't going to open a hole on my all-SCSI server. If I am building a webserver, say, and will have the user sending alot of data to me--I can check myself if bounds checking takes place in the appropriate areas. I may have to sift through some unrealated code, but that's alright. I can also use an open source server built with Java, SML, or even C# which make problems like buffer overflows nearly impossible to do accidentally. With a binary only program, I cannot do that. > > Age old tactic. Not possible with windows. > >And not practical with FreeBSD. There could be a hundred Trojan horses in >the code and you'd never know it, even though you have all the source code. Impractical, which it will not always be, is better than impossible, no? Note that while keeping in mind the security record of Microsoftware. Compare Exchange Server with Qmail or Postfix, for example. > > You can IF you can code. > >No, even if you can code, you cannot. Too much code, too little time, and >typically no documentation. I've actually had to do this sort of thing, >and >unless you can afford to dedicate your life to verifying the code of an >operating system, having the source provides you with no guarantees at all Usually it is the applications and not the OS with the majority of the exploits, but your point still stands. Note that OpenBSD and FreeBSD code (both of which have overlap) is frequently audited. I doubt that the auditors (who are great people for doing something so boring, BTW) dedicate their lives to auditing. It is part of the "more eyes" approach. If even 1% of the users of a network app study the code, which is very conservative considering the average Unix user, that's quite a few people who can notice a potential bug. It works. Most of the bugs found are never actually exploited and are generally never even tested. I remember a year or two ago, an individual volunteered to audit Samba and found (I believe it was) 3 possible security exploits. These were fixed before they were ever taken advantage of. At a commercial software company, these would likely have remained until they were discovered by less friendly folk. > > I'm respected in this business. > >So is Microsoft. Depends on who you ask. :-) > > I even support and code for Microsoft platforms. > >So do several million other people. > > > I don't even require companies to use ONLY me, > > or purposely write code that makes it harder > > for other programmers to work with. > >I don't know anyone who does. > > > Buyer beware. > >Buyer satisfied. It was noted earlier that Microsoft's "toy" products are used in several production environments. This is certainly true. Many of these production environments have admins that regret the Microsoft decision, and of course there are many that are perfectly happy (though they tend to be the ones that have never used anything else, expect perhaps Novell). The INEEL (Idaho National Engineering and Environmental Laboratory) for example. They switched to NT from Irix and Solaris boxes in the mid 90s and, within 2 years, they switched to Linux systems. The MS SQL servers couldn't handle the load when certain types of queries were used, the boxes crashed (on average) monthly, and of course the licensing for the software was a big turnoff. I am sure that there are horror stories of using Unix and then the world became perfect when a Windows switch was made. <shrug>. I said earlier, OSes are tools and nothing more. I have found that Windows is a mediocre server platform but a good desktop platform, and I have found the opposite to be true of Unix. Whichever works best for the job. _________________________________________________________________ Chat with friends online, try MSN Messenger: http://messenger.msn.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?F8qwjGHIcrw7pUMMQkO0001c720>