mldonkey-users
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Mldonkey-users] MLDonkey & Debian ( Trying to do an Official Packag

From: Pierre Etchemaite
Subject: Re: [Mldonkey-users] MLDonkey & Debian ( Trying to do an Official Package )
Date: Thu, 29 May 2003 16:31:05 +0200 
Le Thu, 29 May 2003 15:14:02 +0200, b8_bavard <address@hidden> a
écrit :

        Hi,

> Maybe I'm a bit too naive, but I
> don't like the mis-trust and the associated security campaigns of the
> modern world, I prefer thinking that we are all friends (anyway, there
> is nothing to be stolen on my computer, except the photos of my last
> holidays :)

Very common (false) argument. They're many things to stole on any computer,
be it its CPU power, or much more likely in that case, your bandwidth.

I hope you won't have to learn it the hard way, like one of your box being
rooted by russians to send porn spam (real life example).


Even if the Ocaml runtime is considered safe (that is, has been checked by
several security experts), MLdonkey is not written 100% in Ocaml. I remember
I/O exceptions triggered from C routines because of some unhandled error
cases... Maybe they're others hiding. Maybe they're exploitable.

It doesn't mean that I think Mldonkey will be exploited soon.

First, because even if it has a leg in many networks (so it is *very*
exposed to attacks), it has a small "market share", and it doesn't share
code with the implementations that are likely to be exploited (namely, the
most used client(s) of each network).

And second, because even if it's not proved yet, I think you're mostly right
about the safety of Ocaml.

BR,
Pierre.
reply via email to
[Prev in Thread] Current Thread [Next in Thread]