On 12/24/2021 9:53 AM, Parodper wrote:
On 24/12/21 at 18:30, Ralf Quint wrote:
On 12/24/2021 4:48 AM, Bryan Kilgallin wrote:
The comment against open-source DOS is at the end of this discussion. See after 26 minutes.
https://youtu.be/Opqgwn8TdlM

I really wonder how that would affect DOS, after all there is no web interface, nor any Java in (Free)DOS. So (without having watched this rather long video yet), any such conclusion seems to be a bit far-fetched IMHO...

Ralf


They only mention MS-DOS as an example, at the end. Quote from 24:13 to 24:50:

> [Talking about open source projects being maintained by only one or
> two people]
> You could see, for example, bits of software that really should be
> allowed to die. But, [for example] let's suppose that MS-DOS was open
> source. You can guarantee that there would probably be a community of
> people still maintaining MS-DOS today. We probably don't want bits of
> software like MS-DOS still being maintained. They're interesting
> historical curiosities, [but] they're not software that should be used
> today. And that's the danger, that the software exists beyond its sell
> by date, because anyone can maintain it and it still looks useful.

Yes, I saw the video now, but given the subject of that "discussion" in the video, that dude was just blowing hot air.

It would be extremely hard to even intentionally create a vulnerability like Log4j/JNDI, as DOS is a single-tasking, single-threaded OS to begin with. Just show me a single practical use case where a remote execution exploit would be really possible...

The real threat of things like the Log4Shell stuff is because especially in Java (but also in languages like C++ or C#) too many lazy programmers are just inheriting the crap out of existing classes/methods so that nobody really knows what all is happening along the way in a call to a function. In DOS, and really DOS-applicable languages (language implementations), due to the size constraints, this isn't really the case. Unless someone, like a lot of people in recent years, doesn't take DOS for being DOS anymore, but tries to use "modern" concepts/libraries, just to do a quick job and doesn't care (even know) about such constraints anymore. And a reason why I am always rather critical when people try to use in FreeDOS tools and do things like, for example, in Linux...

Ralf
