[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Mldonkey-users] MLDonkey & Debian ( Trying to do an Official Packag
From: |
Simon Peter |
Subject: |
Re: [Mldonkey-users] MLDonkey & Debian ( Trying to do an Official Package ) |
Date: |
Thu, 29 May 2003 13:04:58 +0200 |
> > * trying to build a real chroot for mldonkey ( maybe using
> > MLDONKEY_CHROOT, but it seems a little broken )
> As I have repeated a lot, this is really the most useless part. You
> have access to the code, so no troyan. It's written in Ocaml, so no
> buffer overflows. What are you afraid of ?
This is still not as useless as you say. Especially the fact that it is
written in Ocaml makes it look a lot more suspect to me:
1. I count Ocaml to the more unknown programming languages which
implicitly makes it more insecure because there are not many Ocaml
programs widely in use, so it is less tested in a real field. Regardless
of how convinced its authors may be of its security. there may be a lot
of compiler errors in there, which could produce unsecure binaries.
2. Of course is mldonkey open-source, but another strong fact is that
there are not many Ocaml programmers out there (including me), who could
professionally audit your code. I'm a nice C coder, though, and i audit
most of the other daemons, i run on my machine. With mldonkey, i have no
clue what it really does, since i cannot understand a single line of its
code. It's like "no sweat! we tell you everything about our program, but
esperanto is our mother-tongue."
Of course these are some very paranoid observations, but what other type
of people consider to run their programs in a chroot jail? ;)
Simon
- [Mldonkey-users] MLDonkey & Debian ( Trying to do an Official Package ), Sylvain LE GALL, 2003/05/28
- Re: [Mldonkey-users] MLDonkey & Debian ( Trying to do an Official Package ), b8_bavard, 2003/05/29
- Re: [Mldonkey-users] MLDonkey & Debian ( Trying to do an Official Package ),
Simon Peter <=
- Re: [Mldonkey-users] MLDonkey & Debian ( Trying to do an Official Package ), Simon Peter, 2003/05/29
- Re: [Mldonkey-users] MLDonkey & Debian ( Trying to do an Official Package ), Sylvain LE GALL, 2003/05/29
- Re: [Mldonkey-users] MLDonkey & Debian ( Trying to do an Official Package ), Udi Meiri, 2003/05/30
- Re: [Mldonkey-users] MLDonkey & Debian ( Trying to do an Official Package ), Simon Peter, 2003/05/31
- Re: [Mldonkey-users] MLDonkey & Debian ( Trying to do an Official Package ), Sylvain LE GALL, 2003/05/29
Re: [Mldonkey-users] MLDonkey & Debian ( Trying to do an Official Package ), Sylvain LE GALL, 2003/05/29