>On Thu, Dec 04, 2003 at 10:15:12AM -0600, John Hasler wrote: > >> ... That's why the kernel >> developers thought it was just an ordinary bug: they could see no way to >> exploit it. > >That statement is somewhat disconcerting. The hypothesis is that many >eyes detect secure bugs, and here is clear case evidence contradicting >that hypothesis.
There is no contradiction. Many eyes detect most security problems, but not all. This is certainly better than just a few eyes with access to proprietary code.
>One must assume there are more bugs in this class.
That is my assumption. The only thing that would give me confidence that there are no holes would be a common process for connecting raw input to privileged routines -- a process which is so simple that everyone can see it is robust. Such a process exists to isolate different privilege levels in the instruction set of a microprocessor. It seems like something similar could be done to isolate routines that run with root privilege.
--Dave
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
