From: Jan Klod
To: gentoo-hardened@lists.gentoo.org
Subject: Re: [gentoo-hardened] Updates: a way too simplified security question I am asking anyway
Date: Wed, 20 Aug 2008 23:53:50 +0300

On Wednesday 20 August 2008 22:31:30 RB wrote:
> On Wed, Aug 20, 2008 at 12:14 PM, Jan Klod wrote:
> No problem, we can cut it.
> I'm not going to address each of the fallacies I see in your
> statements, but you have an exceedingly idealistic view of software
> development and particular OS' perceived security. [Insert project
> here] may have a slogan, but the developers are still human and thus
> still make mistakes and are inherently lazy. Short of being powered
> by unicorn farts, there is no way any reasonably complex system can
> approach that ideal.

[sorry, as you see, writing what I don't know much about]
In this light I was assuming that a file server is much less complex than it
is. I give you my word to remember this when I write my next code :)

>
> In regard to your philosophy of updates, do you build a wall and not
> defend it? Do you plant a garden and not water it? In the same
> light, no system can be "permanently" secured. Safes are rated by the
> amount of time it would take a dedicated, skilled cracker to open it;
> none are ever deemed uncrackable. If you want more time, you purchase
> [or build] one that better matches your needs. System security is no
> different.

Complexity matters again... Theoretically.. is it possible to enumerate all the
possible scenarios for a file server? (or, I might have written - all of its
states) Oh, sure, it has a finite amount of memory :) Human problem.
It is easy to say "security", hard to give an action for all the possibilities
(right action by our judgement)...

I started this as a "flame", but the rest might go out of scope of this list
and send me to theoretical computer science.

Javier Martínez:
"control the execution of perl and python (between others) scripts (in the way
of perl blablabla.pl, which does not need execution rights). You under
this two frameworks you can do it. Can you do this under OpenBSD ;)"

Thanks, just you put me on my way, if I really need a reliable system, that I
can get NOW AND HERE :)