Re: Backport of the integer overflow in the brk system call

To: debian-devel@lists.debian.org
Subject: Re: Backport of the integer overflow in the brk system call
From: Bernd Eckenfels <lists@lina.inka.de>
Date: Wed, 3 Dec 2003 03:02:45 +0100
Message-id: <[🔎] 20031203020245.GC20026@lina.inka.de>
In-reply-to: <[🔎] 20031203011922.GA2828@comcast.net>
References: <[🔎] 3FCBCF99.3000907@sentinel.dk> <[🔎] E1AR6Vn-0001YY-Vx@mid.downhill.at.eu.org> <[🔎] 20031202232021.GA32333@daedalus.andrew.net.au> <[🔎] 200312031117.19034.russell@coker.com.au> <[🔎] 20031203005423.GA1132@daedalus.andrew.net.au> <[🔎] 20031203011922.GA2828@comcast.net>

On Tue, Dec 02, 2003 at 05:19:22PM -0800, Tom wrote:
> I think the DD's should seriously think about requiring smartcards.  It 
> would have prevented the proxmiate cause of our recent troubles.

No, we have to deal with a large population of untrusted individuals. Even
if we can keep outsiders out of our systems (which sounds for me more and
more unlikely) then we still have to face intruders from inside. You know the
numbers tells you it will happen.

Even if it is painful to decide: more priveledges to DDs on a need-to-have base.

And: I am the last person who think it is fine to support a more powerful
elite, but I dont see a way around it. You still can earn an account for a
service, if you proof yourself worth. Thinking of web page translators,
ftp-masters or whatever.

If we are aware about that risk, and have established some midigation, we
can start to address the other risks, which are harder to tackle. 

Smart Cards for example will require a huge investment. And sadly it is not
one a sponsor can cover easyly. But using them will, for sure make the trust
in a developers signature stronger. It will not allow us to trust the developer
more.

Greetings
Bernd
-- 
  (OO)      -- Bernd_Eckenfels@Wendelinusstrasse39.76646Bruchsal.de --
 ( .. )  ecki@{inka.de,linux.de,debian.org} http://home.pages.de/~eckes/
  o--o     *plush*  2048/93600EFD  eckes@irc  +497257930613  BE5-RIPE
(O____O)  When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!

Reply to:

Follow-Ups:
- Re: Backport of the integer overflow in the brk system call
  - From: Russell Coker <russell@coker.com.au>

References:
- Backport of the integer overflow in the brk system call
  - From: Frederik Dannemare <tux@sentinel.dk>
- Re: Backport of the integer overflow in the brk system call
  - From: Andreas Metzler <ametzler@downhill.at.eu.org>
- Re: Backport of the integer overflow in the brk system call
  - From: Andrew Pollock <debian-lists@andrew.net.au>
- Re: Backport of the integer overflow in the brk system call
  - From: Russell Coker <russell@coker.com.au>
- Re: Backport of the integer overflow in the brk system call
  - From: Andrew Pollock <debian-devel@andrew.net.au>
- Re: Backport of the integer overflow in the brk system call
  - From: Tom <tb.31123.nospam@comcast.net>

Prev by Date: Re: Backport of the integer overflow in the brk system call
Next by Date: Re: Some ideas quickly jotted down
Previous by thread: Re: OT: Smartcards and Physical Security
Next by thread: Re: Backport of the integer overflow in the brk system call
Index(es):
- Date
- Thread