De Raadt + FBSD + OpenSSH + hole?
Christian Kratzer
ck-lists at cksoft.de
Mon Apr 21 21:28:36 UTC 2014
Hi,
On Mon, 21 Apr 2014, Ronald F. Guilmette wrote:
>
> In message <53546795.9050304 at quietfountain.com>,
> "hcoin" <hcoin at quietfountain.com> wrote:
>
>> ... It is for the community to decide whether it is 'worth it'
>> on a case by case basis given there is no way to prove a program
>> 'correct' from a security perspective.
>
> I guess that I was sick that day in software school.
>
> Did I just hear you tell me that I can't prove the following program
> is "secure"?
>
>
> int
> main (void)
> {
> return 0;
> }
in an ideal world you could propably. The difficulty ist that even
above seemingly trival snippet of code is run after initialization of
the c runtime library and some pre processing of argc, argv.
It gets more complex with c++ contstructors run before main.
If gets even more complex the more software components interact in
wierd and wonderfull ways.
Greetings
Christian
--
Christian Kratzer CK Software GmbH
Email: ck at cksoft.de Wildberger Weg 24/2
Phone: +49 7032 893 997 - 0 D-71126 Gaeufelden
Fax: +49 7032 893 997 - 9 HRB 245288, Amtsgericht Stuttgart
Mobile: +49 171 1947 843 Geschaeftsfuehrer: Christian Kratzer
Web: http://www.cksoft.de/
More information about the freebsd-security
mailing list