"TrustedBSD" addons
Paul Robinson
paul at iconoplex.co.uk
Tue Jun 29 13:14:07 PDT 2004
On Tue, Jun 29, 2004 at 01:40:35PM -0500, Kevin Lyons wrote:
> Well, point being that more layers/lines of code added, the more
> potential vulnerabilities.
Myth. Which is more vulnerable to attack - the kernel that gets compiled
when you build GENERIC, or a few lines that strcpy's some input received
over a socket running as root?
LOC is about as effective a measure of potential vulnerabilities as it is a
measure of how productive a developer is or the quality of the design
process - i.e. it's useless and the myth has been thrown around for god
knows how long by people who really should know better.*
Well-written code is well-written, no matter how many lines long it is.
Ditto for badly-written code. I've seen 20-liners that could be broken by a
competent 13-year-old, and 20,000-liners that were impregnable. I am not
alone.
> I don't think we can say the FreeBSD or
> TrustedBSD developers are any more exploit immune than other folks.
Based on the number of security announcements over the last 5 years, I could
argue very convincingly that the FreeBSD and TrustedBSD developers are far
more exploit immune than the Microsoft OS developers.
Of course, it would be complete bullshit, but that's not the point. :-)
> Not ranting/trolling. Thanks for the info, that is good. As I said, I
> have not installed/configured it yet. I have been noticing feaping
> creaturism in FreeBSD as of late so I was simply concerned about it.
"Of late"? You've *JUST* noticed? Wow. :-)
* - yes, I know. I expect this now to explode into a silly thread. People
really should know better.
--
Paul Robinson
http://www.iconoplex.co.uk/
More information about the freebsd-chat mailing list