On Fri, Apr 06, 2007 at 11:53:45PM +0300, Dan Armak wrote:
> On Friday 06 April 2007, Geoffrey S. Mendelson wrote:
> > I have a philosophical question. With open source software how do you
> > make sure that the copy you are running was not modified to send
> > your accounting data to some "data collection" site?
>
> You seem to be implying that there's a way to do this with proprietary
> software that doesn't work for free software. Is there?
No, but there is a much greater risk of it happening with open source software. First of all, the probability in the real world of someone being able to verify the source code is "clean" is not very large. Few people can actually read source code to the point that a hidden exploit is not present. Even those that can, rarely do so. Have you looked at the source code for any of the open source applications you run? Not little bits here and there, but the entire "program"?

With open source software it becomes much easier for an unscrupulous person to modify the downloadable source code or create a mirror of the compiled program with a bug. There was for example a trojan placed in one of the more common TCP/IP utilities (I forget which it was, either traceroute or tcpdump) and it even made it to a few distributions of various operating systems. With closed source programs where the source code and the distribution of compiled programs is tightly controlled, the skill level required of a person modifying it for nefarious purposes is much higher.

> You can make sure the source code being compiled is the same, because it's
> usually signed. So you're saying the binary's correct behavior can't be
> deduced from an inspection of the source code followed by a test of a
> separately compiled binary on a system similar to yours (where the distro's
> packages are built).

Yes. It can not. It can be verified to perform within the parameters of a test, but it can not be verified to NOT perform outside of those parameters. In fact many programs do just that; compilers have been known to recognize benchmarks and substitute special code; the Intel C compiler recognizes usages in the Linux Kernel of GCC bugs and produces incorrect code, but the same as GCC, and so on.

Changing checksums to match modified code is a time honored hacking method. I know of it being done in the 1960s and it was probably done years before.
I once hid a hand crafted date check routine in the DATA portion of a Fortran program. It was assembled from data statements and then executed. Unless you knew the appropriate machine code and were a Fortran whiz, you never would spot it. Doing such a thing now with C or PERL would be simple.

> But if you don't trust your compiler to build correct code, or your distro's
> packaging process to catch backdoors, then how can you trust your libc or
> kernel? It's a lot bigger problem than whether some accounting software is
> duly certified.

I normally don't care. I don't keep anything on a computer that is that sensitive. I am also not an auditor making sure that software performs as required by law and does not contain other unwanted code. I have been in the past, but am not now.

> > Using computer programs to steal money or hide income from the tax
> > authorities is not a new or uniquely Israeli concept.
>
> How do they check this today, for proprietary apps running on Windows? Do they
> have remote root access to your machine to make sure you're running the
> software you claim you are? Are they planning on using TPMs with RA?

I have no idea. I can only assume they run some sort of virus/spyware detection program against it and then verify the actions are correct. For example, once committed, records can not be modified. Not an easy thing to lock in an open source program with an external database.

> More importantly, why can't they get as much information by verifying the data
> your app submits? After all, even with a duly certified and unmodified app
> the user still controls the input. The app has no more knowledge than is
> contained in its output. If I needed to mangle the input data to hide income,
> and the mangling was so complex a human couldn't do it, I'd write a separate
> app to do that.

True, but these apps are designed to be used by people with bookkeeping certification, not trained programmers.
The concept behind them is that you enter the data, and once you verify that it is correct, it can not be changed. Then usual accounting practices are applied and checked.

BTW, hiding income is probably the last thing they care about. One can hide income in many ways without a computer program. They are more likely interested in expenses. All expenses are logged, and none of it "disappears".

Geoff.

-- 
Geoffrey S. Mendelson, Jerusalem, Israel [EMAIL PROTECTED] N3OWJ/4X1GM
IL Voice: (07)-7424-1667 Fax ONLY: 972-2-648-1443 U.S. Voice: 1-215-821-1838
Visit my 'blog at http://geoffstechno.livejournal.com/

=================================================================
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]
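The message above makes two points that fit together: an accounting application is supposed to make committed records unchangeable, and "changing checksums to match modified code" has always defeated naive integrity checks. The following is an added example, written for this page and not code from the thread or from any certified accounting product, showing the usual way to make a commit log tamper-evident (each entry's HMAC covers the previous entry's HMAC) and, just as importantly, why that only works while the MAC key is held by someone other than the person editing the ledger. The record layout, the key string and the three bookkeeping entries are constructed for illustration.

```python
"""
Tamper-evident commit log (added example, not from the mailing-list thread).
Each committed entry carries an HMAC over (seq, record, previous entry's MAC),
so editing any committed record breaks the chain from that point on.
The key, record layout and sample records below are constructed assumptions.
"""
import hashlib
import hmac
import json
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Entry:
    seq: int
    record: dict
    prev_tag: str
    tag: str


def _mac(key: bytes, seq: int, record: dict, prev_tag: str) -> str:
    # Canonical JSON (sorted keys, no whitespace) so the same record always
    # serializes to the same bytes and therefore the same MAC.
    body = json.dumps({"seq": seq, "record": record, "prev": prev_tag},
                      sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


class CommitLog:
    GENESIS = "0" * 64  # prev_tag of the first entry

    def __init__(self, key: bytes):
        self.key = key
        self.entries: List[Entry] = []

    def commit(self, record: dict) -> Entry:
        """Append a record; the MAC binds it to everything committed before."""
        prev = self.entries[-1].tag if self.entries else self.GENESIS
        seq = len(self.entries)
        entry = Entry(seq, dict(record), prev, _mac(self.key, seq, record, prev))
        self.entries.append(entry)
        return entry

    def verify(self) -> Optional[int]:
        """Return None if the whole chain checks out, else the seq of the
        first entry whose sequence, back-link or MAC is wrong."""
        prev = self.GENESIS
        for i, e in enumerate(self.entries):
            if e.seq != i or e.prev_tag != prev:
                return i
            expected = _mac(self.key, e.seq, e.record, e.prev_tag)
            if not hmac.compare_digest(e.tag, expected):
                return i
            prev = e.tag
        return None


def tamper_and_recompute(log: CommitLog, seq: int, record: dict, key: bytes) -> None:
    """What an attacker who ALSO holds the key can do: rewrite one record and
    re-MAC it and every later entry so the chain looks intact again. This is
    the "change the checksum to match" problem from the message above."""
    log.entries[seq].record = dict(record)
    prev = log.entries[seq - 1].tag if seq > 0 else CommitLog.GENESIS
    for e in log.entries[seq:]:
        e.prev_tag = prev
        e.tag = _mac(key, e.seq, e.record, prev)
        prev = e.tag


def demo():
    key = b"auditor-held-key (constructed for this example)"
    log = CommitLog(key)
    # Constructed sample bookkeeping records.
    for rec in ({"type": "expense", "amount": 120, "desc": "printer toner"},
                {"type": "expense", "amount": 4500, "desc": "office rent"},
                {"type": "income", "amount": 9800, "desc": "invoice 17"}):
        log.commit(rec)
    clean = log.verify()                        # None: chain intact
    log.entries[1].record["amount"] = 45000     # quiet edit after commit
    detected = log.verify()                     # 1: first bad entry
    # Same edit by someone who can also reach the key: undetectable.
    tamper_and_recompute(
        log, 1, {"type": "expense", "amount": 45000, "desc": "office rent"}, key)
    hidden = log.verify()                       # None again
    return clean, detected, hidden


if __name__ == "__main__":
    print(demo())
```

The practical consequence is the one the message hints at: an "unmodifiable" ledger inside a program the user controls, keyed with a secret the same program holds, proves nothing to an auditor. The key (or, better, a signing key whose public half the auditor keeps) has to live outside the reach of whoever can edit the database, or the chain must be anchored periodically to something the user cannot rewrite (a timestamping service, a printed hash, the auditor's own copy of the latest tag).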