[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: The New Security Build Infrastructure

On Wed, Jun 19, 2002 at 01:59:21PM -0500, Vince Mulhollon wrote:
> An automobile metaphor:  It's publically known that underinflated
> "firestone tires" on a "ford exploder" occasionally pop on the
> highway, killing the occupants.  Users can apply that knowledge to
> either check their tire pressures, replace the firestone tires with
> equivalent yet safer Michelin tires, buy a vehicle with better
> handling, or ignore the admittedly small risk.

I think your analogy is flawed; security vulnerabilities are treated
the way they are because they are (or can be) taken advantage of through
deliberate, presumably malicious action on the part of a conscious
third-party actor.

Substandard tires exploding on the hot asphalt causing rollovers of SUVs
traveling at high speed is a different story, unless you're
anthropomorphising the car and/or the road.

We don't generally classify spontaneous crashes of the X server or
kernel panics as security issues, no matter how unpleasant they are.  I
think such examples of software (or hardware!) defects are a much better
analogue to the Firestone tire recall.

> Users can apply the knowledge of the risk to avoid dangerous situations, if
> the risk is publically announced.

That much is true.

> Regarding Debian security announcements I'd be "happy" with a "dual track",
> one "secret" detailed assessment of the vulnerability and exactly how to
> exploit it, and one public post to debian-devel saying "hey, sendmail has a
> new security hole, please either switch to exim temporarily and/or keep
> careful watch on your mail server".  That should make "everyone" happy?

...except for the fact that it's also a heads-up to mailicious parties
to start paying more attention to sendmail then they already were.  To
riff on your flawed analogy, this is like making the road hotter or
thinning the tread on the tire.  The environment is becoming more
dangerous by virtue of the announcement.  And if no replacement tires
are avaible, you could be in deep trouble.

> An automobile metaphor:  Ever head of the Corvair?  Ralph Nader?  "Unsafe
> at any speed"?

See above.

> Keeping secrets from the users isn't very nice behavior.

I agree, in general.  I think the issue is more complex than some
proponents of either side are making it out to be.

On balance, however, I think the security team are taking the right
approach.  We do need to take care to not let a culture of secrecy
develop, however.  We maintain secrecy regarding security
vulnerabilities because of a specific set of real-world circumstances in
a given context.  Any other employment of secrecy needs to be
independently justified in light of the Social Contract.

At the risk of derailing this thread into even more volatile territory,
I will observe that in my experience as a kibitzer on this Project's
internal politics, the security team are not anywhere near the top of
my list of people whose insularity and lack of accountability cause
problems for Debian's developers and users.

G. Branden Robinson                |          You live and learn.
Debian GNU/Linux                   |          Or you don't live long.
branden@debian.org                 |          -- Robert Heinlein
http://people.debian.org/~branden/ |

Attachment: pgpyuN_a9DmQ0.pgp
Description: PGP signature

Reply to: