Date: Wed, 10 Oct 2001 09:51:30 -0500
From: Mike Meyer <mwm@mired.org>
To: Paul Robinson <paul@akita.co.uk>
Cc: Lowell Gilbert <lowell@be-well.ilk.org>, GB Clark II <gclarkii@vsservices.com>, freebsd-chat@FreeBSD.ORG
Subject: Re: Code 'auditing' (was Re: code density vs readability)
Message-ID: <15300.24690.349262.482484@guru.mired.org>
In-Reply-To: <20011010143520.A68224@jake.akitanet.co.uk>
References: <9ptk3o$14kg$1@FreeBSD.csie.NCTU.edu.tw> <44d73xt0y9.fsf@lowellg.ne.mediaone.net> <0110090955220A.07185@prime.vsservices.com> <448zejljtz.fsf@lowellg.ne.mediaone.net> <20011010143520.A68224@jake.akitanet.co.uk>
Paul Robinson <paul@akita.co.uk> types:
> On Oct 10, Lowell Gilbert <lowell@be-well.ilk.org> wrote:
> > The original concern, about whether emacs could have malicious code
> > shipped with it, is more realistic. I think it's not worth worrying
> > about, because there really are more eyes on the code, on a more
> > regular basis, than the original poster realized.
> Ahhh - the 'more eyes are a good thing argument' - one of my favourite
> arguments about security of open source code. You see, the problem is, it's
> not actually relevant.

Depends on what level you're talking about. You're right that it won't prevent security bugs. On the other hand, it has already closed back doors.

> It's like the argument that PGP must be secure because it's open source and
> anybody could see any backdoors in there. Firstly, hands up everybody here
> who really understands crypto that well to know whether a mathematical
> algorithm has been implemented in such a way that there are no flaws.

Ok, my hand is up. The question you're asking isn't really a crypto question, though. I can't analyze an algorithm for cryptographic flaws - which is where the crypto knowledge comes in. Given an algorithm, I can verify that it's implemented correctly. I do know crypto well enough to find the algorithms I need to check.

> Secondly, how many of you have read the source code in its entirety to the
> version of PGP you are running and checked that there are no backdoors?

My hand is still up.

> It's not just PGP either - every piece of software you run, you assume to be
> security hole free because with your argument 'there are enough eyes looking
> at it for me' - not a very security conscious stance.

No, I don't assume that. Anybody who does is foolish. Your argument about programmer quality is a good one. The claim isn't that many eyes lead to no, or even few, bugs. The claim is that many eyes lead to shallow bugs.
On the other hand, people have planted backdoors in open source software, and have been caught doing it. If it had been commercial software, they probably wouldn't have been caught, as finding backdoors is much harder if you have to publish the source.

That's what's really relevant - are you going to install a backdoor and then risk it being found by someone casually perusing the source? If there are no people casually perusing the source, that's not an issue.

Of course, if part of what you're publishing is the build tool chain, it's possible to provide a backdoor that only appears in the binaries. Inserting it into a system distributed like FreeBSD would be an interesting problem, though.

	<mike
--
Mike Meyer <mwm@mired.org>			http://www.mired.org/home/mwm/
Q: How do you make the gods laugh?		A: Tell them your plans.