Re: De Raadt + FBSD + OpenSSH + hole?

Board: FB_security | Posted: 2014/04/22 06:01
In message <alpine.BSF.2.00.1404212324520.32719@pohjola.cksoft.de>,
Christian Kratzer <ck-lists@cksoft.de> wrote:

>On Mon, 21 Apr 2014, Ronald F. Guilmette wrote:
>>
>> In message <53546795.9050304@quietfountain.com>,
>> "hcoin" <hcoin@quietfountain.com> wrote:
>>
>>> ... It is for the community to decide whether it is 'worth it'
>>> on a case by case basis given there is no way to prove a program
>>> 'correct' from a security perspective.
>>
>> I guess that I was sick that day in software school.
>>
>> Did I just hear you tell me that I can't prove the following program
>> is "secure"?
>>
>>
>> int
>> main (void)
>> {
>>   return 0;
>> }
>
>in an ideal world you could probably. The difficulty is that even the
>above seemingly trivial snippet of code is run after initialization of
>the c runtime library and some pre processing of argc, argv.
>
>It gets more complex with c++ constructors run before main.
>
>It gets even more complex the more software components interact in
>weird and wonderful ways.

At the risk of stating the obvious...

Complexity != Impossibility

I think that we need better tools. But then again, I have always thought
that, and undoubtedly always will.

Regards,
rfg
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
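The point raised in the quoted reply, that code runs before main, shown as an added example that is not part of the original thread. It assumes the GCC/Clang `__attribute__((constructor))` extension; every function and variable name in it is hypothetical.

```c
/* Added illustration, not code from the thread. Assumes GCC or Clang. */
#include <stdio.h>
#include <string.h>

#define MAX_EVENTS 8
static const char *events[MAX_EVENTS]; /* hooks that ran before main */
static int n_events;
static int env_seen = -1;              /* -1 until a hook inspects environ */

extern char **environ;

static void record(const char *what)
{
    if (n_events < MAX_EVENTS)
        events[n_events++] = what;
}

/* Priorities 0..100 are reserved for the implementation; lower runs first. */
__attribute__((constructor(101))) static void ctor_early(void)
{
    record("ctor_early");
}

__attribute__((constructor(102))) static void ctor_env(void)
{
    int n = 0;
    /* The process environment is already readable here, before main. */
    for (char **e = environ; e && *e; e++)
        n++;
    env_seen = n;
    record("ctor_env");
}

int premain_event_count(void) { return n_events; }
int premain_env_count(void) { return env_seen; }

/* Position at which the named hook ran, or -1 if it never ran. */
int premain_ran(const char *name)
{
    for (int i = 0; i < n_events; i++)
        if (strcmp(events[i], name) == 0)
            return i;
    return -1;
}

int main(void)
{
    /* Reports what had already executed, then returns 0 as in the thread. */
    for (int i = 0; i < n_events; i++)
        printf("ran before main: %s\n", events[i]);
    printf("environment entries visible before main: %d\n", env_seen);
    return 0;
}
```

Any argument about such a program therefore has to cover the startup code and every constructor linked into the binary, not only the body of main.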