Re: Debian Server Compromise -- A Fire Drill ??
On Thu, 04 Dec 2003 18:00:18 +0100, Tom <tb.31123.nospam@comcast.net> wrote:
>On Thu, Dec 04, 2003 at 10:15:12AM -0600, John Hasler wrote:
>
>> ... That's why the kernel
>> developers thought it was just an ordinary bug: they could see no way to
>> exploit it.
>
>That statement is somewhat disconcerting. The hypothesis is that many
>eyes detect secure bugs, and here is clear case evidence contradicting
>that hypothesis.
There is no contradiction. Many eyes detect most security problems, but
not all. This is certainly better than just a few eyes with access to
proprietary code.
>One must assume there are more bugs in this class.
That is my assumption. The only thing that would give me confidence that
there are no holes would be a common process for connecting raw input to
privileged routines -- a process which is so simple that everyone can see
it is robust. Such a process exists to isolate different privilege levels
in the instruction set of a microprocessor. It seems like something
similar could be done to isolate routines that run with root privilege.
--Dave
Reply to: