
Re: libsafe and Debian installation



On Mon, Apr 22, 2002 at 05:31:40PM -0400, Shaya Potter wrote:
> I assume you mean it's the wrong way to increase security.  I disagree
> with you.  libsafe and good code are 100% orthogonal issues.  Good code
> is the security blanket, libsafe is the safety net.  

No, good code doesn't have buffer overflows. You should just use
dynamic allocation and memcpy() for example.

> One should never
> say "libsafe will catch it" as libsafe isn't perfect, but it provided a
> safety net to those who either get hit before they can patch, or
> actually get hit by the actual new attack.

You should always patch, because you already say you can't rely on
libsafe. Now you make people lazy by thinking "no need to hurry to
patch, libsafe will catch it". And people think like that, it doesn't
matter if they should not think that way.
 
> Let's say one is an administrator of his own machine on a cable modem. 
> Let's say that person is in the middle of finals, or ends up in the
> hospital and is unable to update his machine. Something like libsafe can
> provide a real boost in security.  

Let's talk about more people than 0.0000001% of our users.
 
> How many machines are hacked on a daily basis that libsafe could have
> protected against (and in fact warn the administrator of the machine
> that they have an insecure application).  Any system administrator who
> relies on libsafe alone to provide him protection, is a not so
> intelligent system administrator, 

I don't think libsafe will protect most of those systems. If libsafe
is needed to warn an administrator that his machine has an insecure
application then there is already something wrong. Any administrator
who takes his job seriously reads about security updates and patches his
software.

> but any system administrator who
> doesn't consider the pros (as well as the cons) of using libsafe is also
> not doing his job.  

True, he will consider it and he is smart enough he won't install it.

> If the cons are too great for someone, I can accept
> that they won't use it.  But to say that there's a security reason not to
> use it, to me seems like a very weak argument.

I'm talking about that it's wrong to provide it in the first place. And
it *could* cause security problems.

Jeroen Dekkers
-- 
Jabber supporter - http://www.jabber.org Jabber ID: jdekkers@jabber.org
Debian GNU supporter - http://www.debian.org http://www.gnu.org
IRC: jeroen@openprojects
