
Re: libsafe and Debian installation



On Mon, 2002-04-22 at 16:49, Jeroen Dekkers wrote:
> On Mon, Apr 22, 2002 at 05:31:40PM -0400, Shaya Potter wrote:
> > I assume you mean it's the wrong way to increase security.  I disagree
> > with you.  libsafe and good code are 100% orthogonal issues.  good code
> > is the security blanket, libsafe is the safety net.  
> 
> No, good code doesn't have buffer overflows. You should just use
> dynamic allocation and memcpy() for example.

Spoken like a good developer.

Unfortunately, no one is perfect.  Are you claiming the title?  If you
are, thanks for letting us know; we need to start auditing all of your
projects right away. :-)

The best security plan makes use of layers.  This way, a screwup on one
layer has a chance of being compensated for on another.  That's why we
still have both tcp-wrappers and ipchains, for example.

So, if libsafe may potentially stop other people's screwups (maybe even
yours) from causing me problems, it's got my vote.  Especially if it
warns me whenever it finds one.

[Note: I am not taking a position on whether libsafe should be Required,
or whether it lives up to its design, or anything like that.]

> You should always patch, because you already say you can't rely on
> libsafe. Now you make people lazy by thinking "no need to hurry to
> patch, libsafe will catch it". And people think like that, it doesn't
> matter if they should not think that way.

"lazy"?

Have you ever been a sysadmin professionally?

> > Let's say one is an administrator of his own machine on a cable modem.
> > Let's say that person is in the middle of finals, or ends up in the
> > hospital and is unable to update his machine. Something like libsafe can
> > provide a real boost in security.
> 
> Let's talk about more people than 0.0000001% of our users.

Alright.  Let's talk about a sysadmin who is:

 - frantically finding hotfixes for the WinXP security hole management
forced upon him,

 - taking calls from users with questions like "why do you click Start
to shut down your machine?" or "my cupholder broke" or "what do I do
when the printer says 'Out of Paper' and won't print?",

 - doing virus repair on a bunch of client boxes because the secretary
clicked on the little icon "so I could give that guy some advice",

 - already working an average of 20 hours per week overtime because of
stuff like the above,

 - etc.

If you feel the need to assert that this is only 0.00001% more of our
users, please make sure you cross-post that to debian-user.  I suspect
you'll get an education. :-)

> I don't think libsafe will protect most of those systems. If libsafe
> is needed to warn an administrator that his machine has an insecure
> application then there is already something wrong. Any administrator
> who takes his job seriously reads about security updates and patches his
> software.

If libsafe warns when an app buffer-overflows, then consider this:
libsafe may be finding a problem no one else has yet.  Or, possibly, a
problem that only the black hats know about at the moment.

That would be a very valuable service.

Also, see the point above concerning overworked sysadmins.

> > If the cons are too great for someone, I can accept
> > that they won't use it.  But to say that there's a security reason not to
> > use it, to me seems like a very weak argument.
> 
> I'm talking about it being wrong to provide it in the first place. And
> it *could* cause security problems.

Perhaps libsafe isn't really useful yet.  Maybe it won't ever be.  If
you think this is the case solely because of its design, well, provide
some evidence.

As for the "it could cause security problems" thing, well, so could any
software you install.  Why is libsafe so special that it doesn't deserve
to exist because it might have flaws?
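
The layering argued for above, as an added C example that is not code from the original thread or from libsafe itself: `checked_strcpy` is a hypothetical safety-net wrapper in the spirit of libsafe's bounds checks on libc string functions (not its real implementation), `dup_exact` is the "dynamic allocation and memcpy()" approach from the quoted advice, and `NAME_CAP`, `handle_name` and the sample inputs are constructed for the demonstration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NAME_CAP 16   /* fixed-size buffer an unbounded strcpy() could overrun */

/* Safety-net layer (hypothetical, in the spirit of libsafe's checks on
 * libc string functions): copy only if the destination can hold the
 * whole string, otherwise refuse and warn. 0 = copied, -1 = blocked. */
static int checked_strcpy(char *dst, size_t dst_cap, const char *src)
{
    size_t need = strlen(src) + 1;          /* count the terminator too */
    if (need > dst_cap) {
        fprintf(stderr, "overflow blocked: %zu bytes into %zu-byte buffer\n",
                need, dst_cap);
        return -1;
    }
    memcpy(dst, src, need);
    return 0;
}

/* "Good code" layer: size the buffer from the input, as the quoted advice
 * (dynamic allocation plus memcpy()) suggests. Caller frees the result. */
static char *dup_exact(const char *src)
{
    size_t need = strlen(src) + 1;
    char *out = malloc(need);
    if (out == NULL)
        return NULL;
    memcpy(out, src, need);
    return out;
}

/* Handler keeping a fixed stack buffer behind the checked copy: an oversized
 * input is rejected instead of overwriting the stack. 1 = accepted, 0 = rejected. */
static int handle_name(const char *input)
{
    char name[NAME_CAP];
    if (checked_strcpy(name, sizeof name, input) != 0)
        return 0;
    return 1;
}

int main(void)
{   /* constructed inputs: one fits NAME_CAP, one would overflow it */
    printf("%d %d\n", handle_name("alice"),
           handle_name("this-name-is-far-longer-than-sixteen-bytes"));
    return 0;
}
```

The warning on stderr is the "warns me whenever it finds one" behaviour the post values; the dynamic copy shows the path that never needs the net.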
