Re: [Mldonkey-users] MLDonkey & Debian ( Trying to do an Official Package )

[Sylvain LE GALL]

On Thu, May 29, 2003 at 01:04:58PM +0200, Simon Peter wrote:
> > >  * trying to build a real chroot for mldonkey ( maybe using
> > >   MLDONKEY_CHROOT, but it seems a little broken )
> > As I have repeated a lot, this is really the most useless part. You
> > have access to the code, so no troyan. It's written in Ocaml, so no
> > buffer overflows. What are you afraid of ?
> 
> This is still not as useless as you say. Especially the fact that it is
> written in Ocaml makes it look a lot more suspect to me:
> 
> 1. I count Ocaml to the more unknown programming languages which
> implicitly makes it more insecure because there are not many Ocaml
> programs widely in use, so it is less tested in a real field. Regardless
> of how convinced its authors may be of its security. there may be a lot
> of compiler errors in there, which could produce unsecure binaries.
> 

Well, well, you touch my ocaml spirit... Caml ( version light ) and
Ocaml is very used in france for university. I can't have a precise
count but there is programmer who use ocaml... I promise.

It is not secure in the sense of making secure program that could cannot
execute arbitray code. It is secure in the sense that segfault cannot
exist, so as for buffer overflow ( but you could run out of memory ),
strong typing, etc...

It is security of execution. Theorically, if something goes wrong, it
can only be an uncaught exception and nothing else. 

But of course it could produce unsecure binary. As i was use to say,
security is today "all what you don't have think about when you are
programming". In other word, the things that goes wrong... Maybe there
is some problem maybe not.

( anyway there is a dump of perl code in mldonkey which seem very weird
to me, it produces a perl executable script ed2k_submit in the base
directory of mldonkey).

> 2. Of course is mldonkey open-source, but another strong fact is that
> there are not many Ocaml programmers out there (including me), who could
> professionally audit your code. I'm a nice C coder, though, and i audit
> most of the other daemons, i run on my machine. With mldonkey, i have no
> clue what it really does, since i cannot understand a single line of its
> code. It's like "no sweat! we tell you everything about our program, but
> esperanto is our mother-tongue."
> 

There is some tools which are very effective to audit ocaml code ( Hoare
proof etc ). Many french researcher are working on it. There is a
natural facility in ocaml code to produce less langage bug ( accessing
uninitialized pointer... ). It restrict the power of it but enhance
quality. 

And if you want to understand ocaml :
http://caml.inria.fr/ocaml/htmlman/
( for more minitious mode of operation :
description de l'implementation de ocaml 
http://cristal.inria.fr/~lebotlan/docaml_html/french/index.html )

> Of course these are some very paranoid observations, but what other type
> of people consider to run their programs in a chroot jail? ;)
> 
> Simon
> 
> 

Kind regard
Sylvain LE GALL