Date: Mon, 21 Apr 2014 23:28:26 +0200 (CEST) From: Christian Kratzer <ck-lists@cksoft.de> To: "Ronald F. Guilmette" <rfg@tristatelogic.com> Cc: freebsd-security@freebsd.org Subject: Re: De Raadt + FBSD + OpenSSH + hole? Message-ID: <alpine.BSF.2.00.1404212324520.32719@pohjola.cksoft.de> In-Reply-To: <97711.1398112757@server1.tristatelogic.com> References: <97711.1398112757@server1.tristatelogic.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi,
On Mon, 21 Apr 2014, Ronald F. Guilmette wrote:
>
> In message <53546795.9050304@quietfountain.com>,
> "hcoin" <hcoin@quietfountain.com> wrote:
>
>> ... It is for the community to decide whether it is 'worth it'
>> on a case by case basis given there is no way to prove a program
>> 'correct' from a security perspective.
>
> I guess that I was sick that day in software school.
>
> Did I just hear you tell me that I can't prove the following program
> is "secure"?
>
>
> int
> main (void)
> {
> return 0;
> }
in an ideal world you could propably. The difficulty ist that even
above seemingly trival snippet of code is run after initialization of
the c runtime library and some pre processing of argc, argv.
It gets more complex with c++ contstructors run before main.
If gets even more complex the more software components interact in
wierd and wonderfull ways.
Greetings
Christian
--
Christian Kratzer CK Software GmbH
Email: ck@cksoft.de Wildberger Weg 24/2
Phone: +49 7032 893 997 - 0 D-71126 Gaeufelden
Fax: +49 7032 893 997 - 9 HRB 245288, Amtsgericht Stuttgart
Mobile: +49 171 1947 843 Geschaeftsfuehrer: Christian Kratzer
Web: http://www.cksoft.de/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?alpine.BSF.2.00.1404212324520.32719>