On Tue, Aug 08, 2000 at 03:03:05PM -0400, Greg A. Woods wrote:
> > What's special about me is that all of the data on the box and in the
> > repository has already been published to the whole world. There is no
> > sensitive information there, nor even on any other machine connected
> > to the same network. It's outside my firewall and I never put anything
> > sensitive outside my firewall.
>
> A covert attack could modify that data in non-obvious ways and not be
> revealed until it is too late to recover fully from the attack.

Wrong. I run a public CVS archive. People are always examining the diffs
and would notice right away. The same is true for any free/open software
project; you just don't get it, that's all.

> > CVS "scripts" ought to be written in a CVS-specific language, containing
> > some harmless built-ins (for mailing logs, etc.) plus an "exec" command.
> > With a good enough set of built-ins, many installations could disable
> > the "exec" capability completely. That would substantially improve the
> > security of CVS even under the ssh model (you wouldn't have to trust
> > that guy in .ru you just gave a login to).
>
> Any sufficiently powerful language is effectively Turing Complete --
> i.e. will allow the cracker to do dangerous things.

This sounds clever, but everything it says is wrong: there are Turing
complete languages that are not dangerous, and there are languages which
are sufficiently powerful (for some purpose) but not Turing complete.
You're just trying to sound clever, but it's not working.

Justin
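
The scripting model proposed in the thread (harmless built-ins plus an "exec" that an installation can switch off), sketched as an added example that is not part of the original message or of CVS. The command names `mail` and `log`, the `${name}` variables and `run_hook` are hypothetical, and built-ins return planned actions instead of performing them so the sketch runs offline.

```python
import shlex
from string import Template

class HookError(Exception):
    """Raised when a hook script uses something the interpreter refuses."""

# Hypothetical built-ins: command name -> minimum number of arguments.
BUILTINS = {"mail": 2, "log": 2}

def run_hook(script, context, allow_exec=False):
    """Interpret a hook script and return the list of planned actions.

    One command per line, with no loops, branches or definitions, so
    every script finishes after a single pass over its lines.
    """
    actions = []
    for lineno, raw in enumerate(script.splitlines(), 1):
        try:
            tokens = shlex.split(raw, comments=True)
        except ValueError as exc:
            raise HookError(f"line {lineno}: {exc}") from None
        if not tokens:
            continue  # blank line or comment
        cmd, templates = tokens[0], tokens[1:]
        # Expand ${name} only after tokenizing: a commit-supplied value can
        # fill an argument but can never add a token or a new command.
        try:
            args = [Template(t).substitute(context) for t in templates]
        except (KeyError, ValueError) as exc:
            raise HookError(f"line {lineno}: bad variable {exc}") from None
        if cmd == "exec":
            if not allow_exec:
                raise HookError(f"line {lineno}: exec is disabled")
            if not args:
                raise HookError(f"line {lineno}: exec needs a program")
            actions.append(("exec", args))  # argv list, never a shell string
        elif cmd in BUILTINS:
            if len(args) < BUILTINS[cmd]:
                raise HookError(f"line {lineno}: {cmd} needs more arguments")
            actions.append((cmd, args))
        else:
            raise HookError(f"line {lineno}: unknown command {cmd!r}")
    return actions

# Constructed sample input; the commit message carries a hostile-looking value.
SAMPLE_SCRIPT = 'mail commits@example.org "commit by ${user} in ${module}"\n' \
                'log history.txt "${user}: ${message}"  # local record\n'
SAMPLE_CONTEXT = {"user": "alice", "module": "src",
                  "message": 'fix typo"\nexec id'}
```

With `allow_exec` left at its default, the only way a script can reach an external program is refused at parse time, and the constructed commit message above ends up as inert text inside a single `log` argument.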