Date: Tue, 21 Jul 1998 09:24:01 -0400 (EDT)
From: Jeff Aitken <jaitken@dimension.net>
To: brett@lariat.org (Brett Glass)
Cc: jkh@time.cdrom.com, drosih@rpi.edu, security@FreeBSD.ORG
Subject: Re: Projects to improve security (related to C)
Message-ID: <199807211324.JAA03501@gizmo.dimension.net>
In-Reply-To: <199807211120.FAA07335@lariat.lariat.org> from Brett Glass at "Jul 21, 98 05:20:24 am"
Brett Glass writes:
> At 08:51 PM 7/20/98 -0700, Jordan K. Hubbard wrote:
> >Audit. Audit audit audit.
>
> More like audit, audit, audit, audit, audit, audit, audit.... Ad
> infinitum. Ad nauseam. Unreliably. Missing all sorts of holes and
> bugs. It's not only tedious -- it also doesn't work.
>
> Again, quality and security shouldn't be tested in. Or audited in
> (which is worse, because it misses much more than a mechanical
> test).

Hello?! Earth to Brett? Have we met?

While what you're saying looks good on paper, I am reminded of a quote
I saw while in college: "In theory, there's no difference between
theory and practice, but in practice there is."

So in theory, it would be nice if everyone would design security into
what they write (even if they are writing it for free, in their spare
time, because they enjoy it, not because they want you to use it for
mission-critical systems). In theory, programming languages would make
it difficult if not impossible for you to shoot yourself in the foot.
In theory, mistakes can be avoided if we're careful enough. In theory,
if we're not satisfied with the quality of a piece of code (e.g.,
qpopper) there should be someone willing to drop everything he is
doing to write a replacement.

Here in the real world, however, a slightly different set of rules
applies. C lets you shoot yourself in the foot with remarkable ease.
Nonetheless, we use operating systems written in C. We depend upon
applications written in C. There are millions and millions of lines of
existing C code, and NO ONE IN THEIR RIGHT MIND is going to recode all
of it in another language in the fruitless hope that it will eliminate
security flaws. (Never mind the fact that this *wouldn't* fix many of
them anyway.)

Here in the real world, practicality reigns. We have a limited number
of very devoted volunteers who bust their ass to give us a remarkably
secure and stable operating system. Others do a tremendous amount of
work to give us ported applications, so that we end users can just
concentrate on *using* the system for our own purposes.

If you really care about this, then step down off the soapbox, take off
the rose-colored glasses, and help fix what's broken. Preaching to the
choir is not going to get anything done.

--Jeff