[Discuss] Debian 12 in the Cloud
Ben Kallus
benjamin.p.kallus.gr at dartmouth.edu
Tue Jun 4 10:44:52 EDT 2024
> On the other, do we really need such a thing in order prove that
> Daniel J. Bernstein writes better, safer code than Lennart Poettering?
No, but we also don't need a double-blind study to show that the
average programmer's approach to security is a lot closer to
Poettering's than djb's. (I say this as a compliment to djb, not a dig
at Poettering.)
It seems obvious that there would be at least a weak correlation
between LoC and attack surface, if only because the code that makes up
the attack surface contributes to LoC. I'd need to see some
substantial evidence to believe the claim that the coefficient is <=
0.
> The *form* of
> the attack was tailored to that specific dependency chain, but the
> reason why systemd and XZ were attacked and exploited is because they
> exist. If that dependency chain did not exist, if systemd were better
> designed, then the attack would have taken a different form, one
> tailored to that reality instead of ours.
Okay, but that goes for all attacks. If the WebP vulnerability didn't
exist, then people would have exploited iPhones using some other
vulnerability instead. This is unrelated to the fact that the WebP
vulnerability wouldn't have occurred if not for some bad choices made
in libwebp.
Similarly, patching sshd to add new runtime dependencies is a bad
idea, and the people who did that should know better. It's true that
the same social and technical techniques that were used to insert the
XZ backdoor could hypothetically have been applied to a different
runtime depency of sshd. This still doesn't absolve anyone of blame,
or make it unreasonable to say that systemd played a part in making
the XZ attack possible. If you want to qualify that statement with "in
this reality," that's okay with me, but I think most people interpret
most statements with that qualification implicit.
-Ben
More information about the Discuss
mailing list