flat assembler
Message board for the users of flat assembler.

Index > Heap > i wasted my today with killing ...

ManOfSteel



Borsuc wrote:
The virus infected the SOURCE CODE

But the whole source in *nix/*nix-like systems is in /usr/src, which is ... I'm listening???? That's right READ-ONLY unless you're logged in as root which you should not be. The same thing cannot always be said about Windows since most people - including the "mighty" developers - run with administrator privileges all day long. Well, actually most people don't really know what having administrator privileges means, if they know it even exists at all.
The difference between proprietary software and OSS (especially under *nix/*nix-like systems) is that with the former, the infected programs will have to be recompiled by the software provider (that is if they ever notice the infection) and users will have to redownload it again, while with the latter, the users just clean the source - which anyway should not even be infected in the first place (see above) - or restore it from a read-only location and do a simple "make install".

Borsuc wrote:
Same can be done with Linux, especially if it infects a rarely-modified part

There are many tools that check file alterations. These tools just compare the existing source/files/etc. against a trusted copy in any read-only location (a partition mounted R/O, a CD, etc.) I'm not even talking about revision control systems or the many tools you find in build farm clusters.
It doesn't matter how deep the changes go or how frequently the code is actually compiled/used. It could be the source for ls or fdisk, changes will be uncovered as much AND just as easily.

Borsuc wrote:
Yeah every 6 months or so (the kernel) I think

Eh???? Diffs are generated as soon as a file is modified, even if it was just the correction of a typo in the comments.
Post 23 Aug 2009, 12:40
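
The comparison against a trusted read-only copy that ManOfSteel describes above, sketched as an added example that is not part of the original thread and is not any particular tool's code. The function names (`tree_manifest`, `compare_trees`, `demo`) and the sample trees are constructed for illustration; in practice the trusted root would be the read-only mount or CD and the live root the working source tree.

```python
import hashlib
import os
import tempfile


def tree_manifest(root):
    """Map every file under root (relative path) to a content fingerprint."""
    manifest = {}
    for dirpath, dirnames, filenames in os.walk(root):  # does not follow symlinks
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            if os.path.islink(full):
                # Record where the link points instead of following it:
                # a retargeted symlink is an alteration in its own right.
                manifest[rel] = "symlink:" + os.readlink(full)
            elif os.path.isfile(full):
                digest = hashlib.sha256()
                with open(full, "rb") as fh:
                    for chunk in iter(lambda: fh.read(65536), b""):
                        digest.update(chunk)
                manifest[rel] = "sha256:" + digest.hexdigest()
    return manifest


def compare_trees(trusted_root, live_root):
    """Report files that differ between the trusted copy and the live tree."""
    trusted = tree_manifest(trusted_root)
    live = tree_manifest(live_root)
    common = trusted.keys() & live.keys()
    return {
        "modified": sorted(p for p in common if trusted[p] != live[p]),
        "added": sorted(live.keys() - trusted.keys()),
        "removed": sorted(trusted.keys() - live.keys()),
    }


def demo():
    """Build two small constructed trees, alter the live one, compare."""
    files = {  # constructed sample content, not real system sources
        os.path.join("bin", "ls", "ls.c"): b"int main(void) { return 0; }\n",
        os.path.join("sbin", "fdisk", "fdisk.c"): b"/* partition editor */\n",
        "Makefile": b"all:\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        trusted = os.path.join(tmp, "trusted")  # stands in for the R/O copy
        live = os.path.join(tmp, "live")        # stands in for /usr/src
        for root in (trusted, live):
            for rel, data in files.items():
                path = os.path.join(root, rel)
                os.makedirs(os.path.dirname(path), exist_ok=True)
                with open(path, "wb") as fh:
                    fh.write(data)
        # Constructed alterations: a comment-only edit, a new file, a deletion.
        with open(os.path.join(live, "bin", "ls", "ls.c"), "ab") as fh:
            fh.write(b"/* typo fix in a comment */\n")
        with open(os.path.join(live, "bin", "ls", "extra.c"), "wb") as fh:
            fh.write(b"/* file absent from the trusted copy */\n")
        os.remove(os.path.join(live, "Makefile"))
        return compare_trees(trusted, live)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

The report is only as trustworthy as the reference tree and the checker itself, so both belong on the read-only medium.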

ManOfSteel
revolution wrote:
Many people don't check diffs.

And many people don't check their closet or under their bed for any intruder. Really what's your point? That stupid/ignorant people who have no concern for security don't check the code that enters their systems just like they check the food they eat? Let those have all the viruses in the world.
Hopefully, I know the members of the core team, security officers, release engineering team members, maintainers of the port tree, etc. do NOT belong to that category.

And the fact is, even if not everybody checks the sources, changelogs, diffs, etc., many still do, so it might be virtually impossible to infect sources for long. That's not the case at all for proprietary software where only the developer(s) have access to the source and the rest have to trace MBs of code in a debugger or check its deadlisting in a disassembler.
Post 23 Aug 2009, 12:41

revolution
ManOfSteel wrote:
revolution wrote:
Many people don't check diffs.

And many people don't check their closet or under their bed for any intruder. Really what's your point? That stupid/ignorant people who have no concern for security don't check the code that enters their systems just like they check the food they eat? Let those have all the viruses in the world.
Hopefully, I know the members of the core team, security officers, release engineering team members, maintainers of the port tree, etc. do NOT belong to that category.

And the fact is, even if not everybody checks the sources, changelogs, diffs, etc., many still do, so it might be virtually impossible to infect sources for long. That's not the case at all for proprietary software where only the developer(s) have access to the source and the rest have to trace MBs of code in a debugger or check its deadlisting in a disassembler.
My point was not to bash OSS, I think that is what you assumed. My point was to say that mistakes happen (I gave the link) and people don't notice even though it is OSS and stuff like that "can't happen" (and to answer a previous poster's mis-statements).

OSS is not a panacea to all problems, but I do think it will be part of the solution (that is, if the solution is ever found).
Post 23 Aug 2009, 13:02

Azu
revolution wrote:
ManOfSteel wrote:
revolution wrote:
Many people don't check diffs.

And many people don't check their closet or under their bed for any intruder. Really what's your point? That stupid/ignorant people who have no concern for security don't check the code that enters their systems just like they check the food they eat? Let those have all the viruses in the world.
Hopefully, I know the members of the core team, security officers, release engineering team members, maintainers of the port tree, etc. do NOT belong to that category.

And the fact is, even if not everybody checks the sources, changelogs, diffs, etc., many still do, so it might be virtually impossible to infect sources for long. That's not the case at all for proprietary software where only the developer(s) have access to the source and the rest have to trace MBs of code in a debugger or check its deadlisting in a disassembler.
My point was not to bash OSS, I think that is what you assumed. My point was to say that mistakes happen (I gave the link) and people don't notice even though it is OSS and stuff like that "can't happen" (and to answer a previous poster's mis-statements).

OSS is not a panacea to all problems, but I do think it will be part of the solution (that is, if the solution is ever found).
The retarded example in your link wasn't a problem with OSS. It was a problem with relying on third party tools like Valgrind to "maintain" your code for you (as if HLLs weren't easy enough already), and accepting the changes it made without question.. if anything, it would be easier for this to happen in a closed source environment, since then nobody else but the developers in that company would have even had an opportunity to judge the change..
Post 23 Aug 2009, 13:32

revolution
Azu wrote:
The retarded example in your link wasn't a problem with OSS.
I'm glad you agree with me. (except for the "retarded" part, the example was perfect for my discussion)
Azu wrote:
... It was a problem with relying on third party tools like Valgrind to "maintain" your code for you (as if HLLs weren't easy enough already), and accepting the changes it made without question.. if anything, it would be easier for this to happen in a closed source environment, since then nobody else but the developers in that company would have even had an opportunity to judge the change..
Yes, and I showed it can happen no matter if the source is closed or open. As to whether it is easier or harder, that has not been proven. Can you prove that? Or is that something you would like us to accept as an axiom?
Post 23 Aug 2009, 13:46

Azu
revolution wrote:
Azu wrote:
... It was a problem with relying on third party tools like Valgrind to "maintain" your code for you (as if HLLs weren't easy enough already), and accepting the changes it made without question.. if anything, it would be easier for this to happen in a closed source environment, since then nobody else but the developers in that company would have even had an opportunity to judge the change..
Yes, and I showed it can happen no matter if the source is closed or open. As to whether it is easier or harder, that has not been proven. Can you prove that? Or is that something you would like us to accept as an axiom?
Yes, I'd like you to accept as an axiom the fact that seeing the changes made makes it easier to see if a bad change is made. If you somehow manage to refute this, I'll gladly hang my head in shame and stop replying for 24 hours.
Post 23 Aug 2009, 13:51

revolution
It depends upon more factors than your simplistic assumptions. What is the quality of the eyes "seeing" the changes? Is there a formal process of review before changes are made? Do people have to vote before changes are made? Etc. Private source can often have higher standards than open source, it depends who writes it and who is paying the bills. I reject your statement as an axiom, on the grounds that the assumptions to get there are too great and unproven. Try again.
Post 23 Aug 2009, 13:56

Azu
revolution wrote:
It depends upon more factors than your simplistic assumptions. What is the quality of the eyes "seeing" the changes? Is there a formal process of review before changes are made? Do people have to vote before changes are made? Etc. Private source can often have higher standards than open source, it depends who writes it and who is paying the bills. I reject your statement as an axiom, on the grounds that the assumptions to get there are too great and unproven. Try again.
Sorry, but none of that has anything to do with open-source vs closed-source.
It's like saying "If I take this apple and soak it in ammonia, it will taste worse than broccoli, and therefore broccoli tastes better than apples"..

If you change other factors besides whether or not it's open-source, you no longer have an open-source vs closed-source debate. You have a combination of many factors vs another combination of many factors debate.

Try again.
Post 23 Aug 2009, 14:02

revolution
Azu, you started it with your unproven claims, I just wanted you to prove your point. But as usual, you, instead, try to steer the argument to something else when you don't know how to respond.

Please feel free to actually prove your statements. Or, at the very least have some logical discussion prepared as to how you come to your conclusions.
Post 23 Aug 2009, 14:07

Azu
revolution wrote:
Azu, you started it with your unproven claims, I just wanted you to prove your point. But as usual, you, instead, try to steer the argument to something else when you don't know how to respond.

Please feel free to actually prove your statements. Or, at the very least have some logical discussion prepared as to how you come to your conclusions.
Unproven? It's simple logic; if you are unable to know what changes are made, you will have a harder time telling if the changes made are bad than you will if you are able to know what changes are made. How would you have me "prove" this? If you had a basic understanding of the English language, it should be self-evident on its own. It is logically impossible to know details about something (whether or not it is harmful, in this case) without knowing anything about it.


You're the one who just tried to derail this conversation by making completely baseless and unrelated claims about "ya well closed source companies have more funding and better coders" and stuff. Please stop trying to project your own logical fallacies onto me. This discussion is about the merits of open-source versus those of closed-source, not which camp happens to have more fans, or more money, or more/better coders.
Post 23 Aug 2009, 14:11

revolution
Azu wrote:
Unproven? It's simple logic; if you are unable to know what changes are made, you will have a harder time telling if the changes made are bad than you will if you are able to know what changes are made.
Strawman
Azu wrote:
How would you have me "prove" this? If you had a basic understanding of the English language,
Ad hominem
Azu wrote:
... it should be self-evident on its own. It is logically impossible to know details about something (whether or not it is harmful, in this case) without knowing anything about it. You're the one who just tried to derail this conversation by making completely baseless and unrelated claims about "ya well closed source companies have more funding and better coders" and stuff. Please stop trying to project your own logical fallacies onto me.
Strawman ... again!
Post 23 Aug 2009, 14:18

Azu
revolution wrote:
Azu wrote:
Unproven? It's simple logic; if you are unable to know what changes are made, you will have a harder time telling if the changes made are bad than you will if you are able to know what changes are made.
Strawman
Azu wrote:
How would you have me "prove" this? If you had a basic understanding of the English language, it should be self-evident on its own. It is logically impossible to know details about something (whether or not it is harmful, in this case) without knowing anything about it.
Ad hominem
Azu wrote:
You're the one who just tried to derail this conversation by making completely baseless and unrelated claims about "ya well closed source companies have more funding and better coders" and stuff. Please stop trying to project your own logical fallacies onto me.
Strawman ... again!
Calling out your ignoratio elenchi was neither a straw man argument nor an ad hominem attack. It was an attempt to stop you from changing the subject. A failed one, apparently. Sad
Post 23 Aug 2009, 14:19

Borsuc
I think the Delphi standard library source code was open source already.

It doesn't actually matter if it's open or closed. Everyone who says that it's easy to check changes in Linux doesn't know the complexity of the buttload of features in the kernel alone, excluding distributions which come with a shitload of GNU apps.

What the hell do you mean it's "read-only"? Of course if you program the kernel you're going to have access to it, and so does the virus! (which is hidden, probably, in your IDE already!).

_________________
Previously known as The_Grey_Beast
Post 23 Aug 2009, 17:48

ManOfSteel
Okay, what exactly do you need here? A picture? A pie chart? The solution for an algebra problem?

If you had ever used a *nix system in your life, you'd already know you can mount partitions normally (i.e. read-write) or read-only. You'd also know that no one can modify anything there, not even ROOT, unless some changes are done which could only be carried out manually by a human with physical access to the machine and with knowledge of root's password.
This happens right above the *ATA/SCSI/whatever driver-level. Nothing could ever get in there unless of course the source of init or a similar process was infected. But this wouldn't go unnoticed, far from it, since this code is rarely modified (like once in months).

How would it get there in the first place when the local source you use to make world is stored in a read-only location like /usr/src (the install CD-ROM is read-only too, AFAIK) and the remote source you could fetch and compile locally is scrutinized letter by letter by revision control systems (with any change tracked by diffs), as well as by dozens of people whose main job is to literally check every single line of added/modified code and sometimes argue with the committer. Have you ever seen a commit process? It's worse than fisc enquiries.

Now maybe the remote source is also infected, and the RCS's source is infected too and it was itself recently "auto-compiled" (without anyone noticing of course!) by the virus to make sure the viral code was included, and the core team, security officers, individual committers, and thousands if not millions of individual and organizational users worldwide (including major computing corporations, CS faculties, the NSA, DARPA, etc.) didn't notice either because the virus also infected the source code of their optical nerve and central nervous system.

Two weeks ago I was nicknamed Mr. Paranoid. Here, take my hat; I won't need it anymore apparently.
Post 23 Aug 2009, 21:26

Borsuc
When you modify the source code. It's not an "archive" that stays read-only forever! Let's say that you update the kernel, for example, add a bit of code.

Then the virus can get in, if your IDE for example is already infected!

and actually, I'm being paranoid now (didn't deny that), I didn't say that I'm worried about it Laughing

_________________
Previously known as The_Grey_Beast
Post 23 Aug 2009, 23:57

Azu
Borsuc wrote:
I think the Delphi standard library source code was open source already.

It doesn't actually matter if it's open or closed. Everyone who says that it's easy to check changes in Linux doesn't know the complexity of the buttload of features in the kernel alone, excluding distributions which come with a shitload of GNU apps.

What the hell do you mean it's "read-only"? Of course if you program the kernel you're going to have access to it, and so does the virus! (which is hidden, probably, in your IDE already!).
The thing is, when it's open-source and you just get little diff patches to apply, you don't have to disassemble the entire program and analyze all of the resulting uncommented assembler code. You just have to look at the changed lines of source code, and if you don't like them, revert.
Post 24 Aug 2009, 03:29

Borsuc
took them a long time to find it though (not that it was hard mind you, but it was not making you suspect it)
Post 24 Aug 2009, 15:51

Azu
Borsuc wrote:
took them a long time to find it though (not that it was hard mind you, but it was not making you suspect it)
Their fault, not the fault of it being open source.
Post 24 Aug 2009, 15:54

Borsuc
Exactly. I never blamed open source for it, I said that just because something is open source doesn't mean it's uninfestable (is that even a word?).
Post 24 Aug 2009, 15:57

Azu
Borsuc wrote:
Exactly. I never blamed open source for it, I said that just because something is open source doesn't mean it's uninfestable (is that even a word?).
Agreed. It just means it is harder to infest than it would be were it closed source.
Post 24 Aug 2009, 16:09


Copyright © 1999-2020, Tomasz Grysztar. Also on YouTube, Twitter.
