On Wed, 27 Mar 2002 mixterat_private wrote:

> ...what's related is what I talked about, using shared libs for pre-
> reporting (I agree, a simple technique) which in turn helps to document
> the external entry points (not always all) and focus on them.

I am not dismissing this idea :-) There are a lot of very good methods of reconnaissance, analysis, etc, etc, but none of them will provide a complete or even near-complete coverage of potential problems. This does not mean we should stop using them, but we should certainly refrain from making stupid claims (what the original poster did).

As a matter of fact, I am a frequent user of strace, ltrace and other run time tools, and even authored one high-level project of this kind (Fenris, announced on sectools a while ago). But I usually stay away from solutions marketed as "total", "ultimate", "complete", "finds all...".

> Would you say that human beings can theoretically solve this problem as
> they can oversee all functions in source code (this problem seems to be
> a white-box auditing issue to me...) and hence theoretically extrapolate
> all states...?

Well, it is tricky ;-) People naturally look for formal, automated methods of code analysis for two reasons: 1) humans make mistakes, 2) humans are expensive and slow.

Think about chess - there are just a very few players in the world who can beat most powerful computers. Even they make mistakes. And most of us are just average in this game, and will never win with a powerful machine. The demand for affordable security is much higher than the number of people with really excellent audit skills (and ones that are will be really expensive to hire and will work for a very long time on a huge project), plus there's no simple way to tell who is good and who is not.

For mission-critical applications it is not how many bugs do you find, but how many bugs you miss :-) AI in terms of simulating high-level conscious processes is not much closer to becoming a reality than it was 20 years ago.

--
_____________________________________________________
Michal Zalewski [lcamtufat_private] [security]
[http://lcamtuf.coredump.cx] <=-=> bash$ :(){ :|:&};:
=-=> Did you know that clones never use mirrors? <=-=
http://lcamtuf.coredump.cx/photo/
This archive was generated by hypermail 2b30 : Wed Mar 27 2002 - 16:55:14 PST