From: Jan Klod <janklodvan@gmail.com>
To: gentoo-hardened@lists.gentoo.org
Subject: Re: [gentoo-hardened] Updates: a way too simplified security question I am asking anyway
Date: Wed, 20 Aug 2008 23:53:50 +0300 [thread overview]
Message-ID: <200808202353.50243.janklodvan@gmail.com> (raw)
In-Reply-To: <4255c2570808201231k360aec7cs6ef19206a62dd095@mail.gmail.com>
On Wednesday 20 August 2008 22:31:30 RB wrote:
> On Wed, Aug 20, 2008 at 12:14 PM, Jan Klod <janklodvan@gmail.com> wrote:
> <snip rambling flame>
No problem, we can cut it.
> I'm not going to address each of the fallacies I see in your
> statements, but you have an exceedingly idealistic view of software
> development and particular OS' perceived security. [Insert project
> here] may have a slogan, but the developers are still human and thus
> still make mistakes and are inherently lazy. Short of being powered
> by unicorn farts, there is no way any reasonably complex system can
> approach that ideal.
[sorry, as you see, writing what I don't know much about]
In this light I was assuming, that file server is much less complex than it
is. Give you my word to remember this when I write my next code :)
>
> In regard to your philosophy of updates, do you build a wall and not
> defend it? Do you plant a garden and not water it? In the same
> light, no system can be "permanently" secured. Safes are rated by the
> amount of time it would take a dedicated, skilled cracker to open it;
> none are ever deemed uncrackable. If you want more time, you purchase
> [or build] one that better matches your needs. System security is no
> different.
Complexity matter again... Theoretically.. is it possible to enumerate all the
possible scenarios for a file server? (or, I might have wrote - all of its
states) Oh, sure, it has finite amount of memory :)
Human problem.
Is easy to say "security", hard to give an action for all the possibilities
(right action by our judgement)...
I started this as a "flame", but the rest might go out of scope of this list
and send me to theoretical computer science.
Javier Martínez:
"control the execution of perl an python (between
others) scripts (in the way of perl blablabla.pl, which does not need
execution rights). You under this two frameworks you can do it. Can
you do this under OpenBSD ;)"
Thanks, just you put me on my way, if I really need a reliable system, that I
can get NOW AND HERE :)
next prev parent reply other threads:[~2008-08-20 20:53 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-08-01 15:09 [Fwd: [gentoo-hardened] Tin Hat = hardened Gentoo distro in RAM] Ferris McCormick
2008-08-20 10:37 ` [gentoo-hardened] Tin Hat memory requirements? Jan Klod
2008-08-20 11:14 ` Natanael Copa
2008-08-20 11:54 ` Jan Klod
2008-08-20 15:46 ` Natanael Copa
2008-08-20 16:03 ` Jan Klod
2008-08-21 6:29 ` Natanael Copa
2008-08-20 18:14 ` [gentoo-hardened] Updates: a way too simplified security question I am asking anyway Jan Klod
2008-08-20 18:57 ` Arne Morten Johansen
2008-08-20 19:31 ` RB
2008-08-20 20:53 ` Jan Klod [this message]
2008-08-20 22:02 ` RB
2008-08-20 22:44 ` Javier Martínez
2008-08-20 20:17 ` Javier Martínez
2008-08-20 21:16 ` [gentoo-hardened] aa Daniel Svensson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200808202353.50243.janklodvan@gmail.com \
--to=janklodvan@gmail.com \
--cc=gentoo-hardened@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox