>From: Allanah Myles <dossyat_private>
>
>On 1998.07.20, Brett Lymn <blymnat_private> wrote:
>> A sufficiently determined programmer can write crap code despite the
>> language.
>
>This is the key issue with the inherent security problems. The
>collolary to this statement is "better tools allow bad programs to
>implement bad designs faster." Using "better tools" as others seem
>to suggest will *not* gain us any more "security" than we already
>have, if we don't also change the quality of programmers.

You have misread the statement you quoted. It read, "sufficiently determined", not "incompetent", in reference to programmers. The two types of programmers are vastly different in abilities, one would imagine. The correct corollary (not collolary) to this statement would then be "better tools allow sufficiently determined programmers to implement bad designs faster". Try and stop a sufficiently determined programmer sometime.

Your statement that better tools will not gain us more security is wrong. To give a non-technical analogy so you can understand the situation, I will give three similar sentences. If you cannot see the similarities, you are sufficiently determined to ignore the issues.

1) The training wheels on a child's bicycle help keep him/her from falling down when learning to ride.
2) My 6-foot fence keeps my neighbor's crazy pitbull out of my yard.
3) Bounds checking on array accesses eliminates one class of careless buffer overflows.

> Why in god's name should a mail system require
>system-wide root privilages? As a normal user, I should be
>able to manipulate my own mailbox. Why shouldn't the agent
>through which I manipulate my own mailbox run, from start
>to finish, with no more privilages than my own user?

Why ask ridiculous questions? Why invoke melodramatic phrases like "Why in god's name..." when it is obvious that a remote mail server, working with UNIX filesystem privileges (not privilages!), _must_ run at an elevated state in order to access files or at least switch to another user's ID? I believe you don't understand the very important difference between a local user and a remote user.

> "Tools don't produce bad
>software. Bad designers produce bad designs from which bad
>software is implemented."

You address the bugtraq readers as if they are morons. Please stop.

>In developing new "secure systems," we should spend less time
>*securing* already existing insecure systems, in the hopes
>of deluding ourselves that they have somehow become "secure"
>(when we know we can never prove such a thing). We should
>instead focus our energies on designing software systems
>where the threat-level is as minimal as possible.

You demand that we have no faith in the systems that many have been working (with varying levels of success) to secure, and then point over the hill at the promised land: The Software That Was Designed Correctly. This is the viewpoint of the theoretical student, the armchair warrior, and the barstool philosopher. Nothing will ever be perfect. Security is the limit as danger approaches zero.

> [...] why does a tool like "rm"
>exist? Yes, in the wrong hands, "rm" can be very devastating.
>But, without necessary privilages, the scope of the damage
>is much smaller. So, design tools that do not require
>unnecessary privilages, and focus on preventing unauthorized
>gain of those privilages.

You argue with one face that to use better tools is ineffective, and then your other face argues that we should build better tools to use. Which of your faces is one to believe?

> Well, then, if
>you want a secure system, be prepared to build one---from
>scratch, if need be.

Nihilist, be gone! You may only return with this argument when _you_ have built the Perfectly Secure System From Scratch.
> Perhaps even the existing notion of
>UNIX-based privilages is insufficient for any real
>security - design a better model, and implement it.
>Don't complain about the tools people choose to use,
>as changing those won't improve security, they'll just
>give us new types of security problems to find.
>
>- -Dossy

You have complained and told us not to complain. You have told us all is bad and we must not use it, but offered nothing that is good. You have told us to change what we have for security, then told us it is impossible to change due to security. Your arguments all turn on each other like a pack of rabid dogs. You offer only confusion and annoyance.

--Jim