Date: Thu, 13 Feb 1997 13:29:48 +0900 (JST)
From: Michael Hancock <michaelh@cet.co.jp>
To: Terry Lambert <terry@lambert.org>
Cc: dk+@ua.net, snar@lucky.net, freebsd-hackers@FreeBSD.org
Subject: Re: Increasing overall security....
Message-ID: <Pine.SV4.3.95.970213130544.13986A-100000@parkplace.cet.co.jp>
In-Reply-To: <Pine.SV4.3.95.970213073812.12287A-100000@parkplace.cet.co.jp>
[I guess I should supply a better punch line.]

On Thu, 13 Feb 1997, Michael Hancock wrote:

> On Wed, 12 Feb 1997, Terry Lambert wrote:
>
> > > To play devil's advocate...
> > >
> > > 1) It requires assembler which is harder to understand. Fewer people are
> > > qualified to review it. Relying on something harder to understand for
> > > security is questionable.
> >
> > This is not a "security through obscurity" issue. The code is hard to
> > understand because of the people trying to understand it, not because
> > the difficulty in understanding it is one of the intentional effects.
>
> I didn't say it was "security through obscurity". Look at TIS's FWTK for
> the philosophy I'm talking about.
>
> Mike Hancock

It's about the degree to which the code can be publicly verified to be secure and maintained to be secure.

I wrote a graphics device driver 13 years ago in 286 assembler when working part-time because I had to make it fast. I enjoyed writing it at the time, but I didn't enjoy going back to make changes. And I would definitely not enjoy maintaining someone else's assembler.

Cheswick & Bellovin, "Firewalls and Internet Security", explain the mindset you need pretty well. O'Reilly's Firewall book talks about Internet security in more practical terms, i.e. they recognize sendmail as being in the "lots of bugs, lots of people looking at it" category Philippe mentioned earlier.

Regards,

Mike Hancock