[cryptography] kernel.org hack and kernel integrity

Seth David Schoen schoen at loyalty.org
Sat Sep 3 13:19:54 EDT 2011


James A. Donald writes:

> Suppose that there is a bad apple.  The bad apple can socially
> engineer his code into the source tree by leveraging his
> relationships, but in so doing, if he gets caught, will burn those
> relationships.

In this vein, a big concern is that even experienced C programmers
can have a hard time noticing security vulnerabilities, even if
they're looking for them.

http://underhanded.xcott.com/

It's also easy to deny that vulnerabilities were intentional.
Someone who wrote (or approved) code containing an integer overflow
bug or something could simply apologize, and nobody would assume
that they knew the bug was present.

-- 
Seth David Schoen <schoen at loyalty.org>      |  No haiku patents
     http://www.loyalty.org/~schoen/        |  means I've no incentive to
  FD9A6AA28193A9F03D4BF4ADC11B36DC9C7DD150  |        -- Don Marti
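
An added illustration, not part of the original message or of any kernel code: the kind of integer overflow the message says reviewers can miss, shown as a bounds check that reads as correct beside a hardened form. The function names, buffer size and test values are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed example: bounds check for a record of `len` bytes at `offset`
 * inside a buffer of `buf_len` bytes. offset and len are untrusted input. */

/* Reads as correct in review, but on platforms where int is 32 bits or
 * narrower, offset + len is unsigned 32-bit arithmetic and wraps modulo
 * 2^32, so a huge len can produce a small sum that passes the check. */
int range_ok_naive(uint32_t offset, uint32_t len, uint32_t buf_len)
{
    return offset + len <= buf_len;
}

/* Hardened form: never add two untrusted values. Once offset <= buf_len is
 * established, buf_len - offset cannot underflow. */
int range_ok_checked(uint32_t offset, uint32_t len, uint32_t buf_len)
{
    if (offset > buf_len)
        return 0;
    return len <= buf_len - offset;
}

int main(void)
{
    const uint32_t buf_len = 4096;
    const struct { uint32_t offset, len; } cases[] = {
        { 16,   64 },           /* ordinary in-bounds request */
        { 4000, 200 },          /* plainly out of bounds */
        { 16,   0xFFFFFFF8u },  /* 16 + 0xFFFFFFF8 wraps to 8 */
    };

    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("offset=%u len=%u naive=%d checked=%d\n",
               (unsigned)cases[i].offset, (unsigned)cases[i].len,
               range_ok_naive(cases[i].offset, cases[i].len, buf_len),
               range_ok_checked(cases[i].offset, cases[i].len, buf_len));
    return 0;
}
```

The two functions agree on every input whose sum does not wrap, which is why ordinary test cases do not tell them apart.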


