[cryptography] kernel.org hack and kernel integrity
Seth David Schoen
schoen at loyalty.org
Sat Sep 3 13:19:54 EDT 2011
James A. Donald writes:
> Suppose that there is a bad apple. The bad apple can socially
> engineer his code into the source tree by leveraging his
> relationships, but in so doing, if he gets caught, will burn those
In this vein, a big concern is that even experienced C programmers
can have a hard time noticing security vulnerabilities, even if
they're looking for them.

It's also easy to deny that vulnerabilities were intentional.
Someone who wrote (or approved) code containing an integer overflow
bug or something could simply apologize, and nobody would assume
that they knew the bug was present.
Seth David Schoen <schoen at loyalty.org> | No haiku patents
http://www.loyalty.org/~schoen/ | means I've no incentive to
FD9A6AA28193A9F03D4BF4ADC11B36DC9C7DD150 | -- Don Marti
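
An added illustration of the kind of integer overflow bug the message mentions; it is not code from the message, the kernel, or any project discussed, and the record type and function names are constructed for this example. The unchecked size computation reads as correct in review, while the checked form beside it rejects counts whose product would wrap.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical record type, constructed for this example (64 bytes). */
struct rec { uint32_t id; uint8_t payload[60]; };
_Static_assert(sizeof(struct rec) == 64, "example assumes a 64-byte record");

/* Looks fine in review, but the multiplication is done in size_t and
 * wraps silently for large counts, so the returned size can be far
 * smaller than count records actually need. */
size_t bytes_needed_unchecked(size_t count)
{
    return count * sizeof(struct rec);
}

/* Hardened form: refuse any count whose product would not fit in size_t.
 * Returns 0 and stores the size in *out, or -1 (leaving *out alone). */
int bytes_needed_checked(size_t count, size_t *out)
{
    if (count > SIZE_MAX / sizeof(struct rec))
        return -1;
    *out = count * sizeof(struct rec);
    return 0;
}

/* Allocate zeroed space for count records; NULL if the size would wrap. */
struct rec *alloc_recs(size_t count)
{
    size_t n;
    if (count == 0 || bytes_needed_checked(count, &n) != 0)
        return NULL;
    struct rec *p = malloc(n);
    if (p)
        memset(p, 0, n);
    return p;
}

int main(void)
{
    /* Smallest count whose byte size no longer fits in size_t. */
    size_t big = SIZE_MAX / sizeof(struct rec) + 1, n = 0;
    printf("unchecked: %zu bytes for %zu records\n",
           bytes_needed_unchecked(big), big);
    printf("checked:   %s\n",
           bytes_needed_checked(big, &n) ? "rejected" : "accepted");
    return 0;
}
```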