On Mon, 23 Nov 1998, Frank O'Dwyer wrote:
Vlad Stesin wrote:
I don't quite understand the logic behind this. The fact that the program's source is available is itself a proof that there are no backdoors. Anyone can read the source code and make sure it's OK.
Anyone can, but does anyone? Also be aware that most people don't compile from source--it would be easy to doctor the source, compile a binary, and ship the trojan binary alongside the unmodified source.
True enough. Groups that produce software that plays a critical role in security almost always sign the binaries.
Yes it does, but not quite in the same way. For example, I believe that in days of yore some attackers managed to insert a back door into some DEC OS by breaking into the coding environment (I don't recall the details, does anyone else?).
Break into the coding environment? Does that mean they broke into the VMS development shop?
In short, this is a real problem, but it seems to be that the likes of Linux ought to be able to leverage its decentralised and parallel development model to address it in a more comprehensive manner than any closed centralised model could ever hope to achieve. "Many eyes" _should_ make for defence in depth against this--but it does look like some process is needed, and the Linux folk will need some kind of argument to convince people that it works.
Already proven. The emergent behavior of the Linux development model does not need centralized process to coordinate it. People who had access to the source and were aware of the teardrop attack hacked a patch to it almost immediately. The patch was widely available the next day. How long did it take for Microsoft?

jim