lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 29 Nov 2007 15:56:28 -0500
From:	Valdis.Kletnieks@...edu
To:	Jon Masters <jonathan@...masters.org>
Cc:	Ray Lee <ray-lk@...rabbit.org>,
	Alan Cox <alan@...rguk.ukuu.org.uk>, tvrtko.ursulin@...hos.com,
	Al Viro <viro@....linux.org.uk>,
	Casey Schaufler <casey@...aufler-ca.com>,
	Christoph Hellwig <hch@...radead.org>,
	linux-kernel@...r.kernel.org
Subject: Re: Out of tree module using LSM

On Thu, 29 Nov 2007 14:45:51 EST, Jon Masters said:
> Ah, but I could write a sequence of pages that on their own looked
> garbage, but in reality, when executed would print out a copy of the
> Jargon File in all its glory. And if you still think you could look for
> patterns, how about executable code that self-modifies in random ways
> but when executed as a whole actually has the functionality of fetchmail
> embedded within it? How would you guard against that?

So, just because Fred Cohen showed in his PhD thesis that *perfect* virus/malware
scanning is equivalent to the Turing Halting Problem, we should abandon
efforts to make a 99.9998% workable system?

Yes, most of these schemes *can* be bypassed because some malicious code does a
mmap() or similar trick. But what is being overlooked here is that in most
cases, what is *desired* is a way to filter things being handled by *non*
malicious code.  Yeah, sure, a shar archive can contain a binary that does evil
things - but if we stop /bin/cp from copying the file that has the evil in it,
it's a non-issue.

Let's get real here guys - trying to do *absolutely perfect* security is
pointless.  You want to do security that reduces your *total* cost - and in
most cases this means "pretty good security" that stops "almost all issues".

As Linus reminds us once in a while - the perfect is the enemy of the good.
In this case, we don't *need* to be perfect - we only need to be noticably
better than another well-known operating system that isn't even very good at
it.

Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists