mldonkey-users

Re: [Mldonkey-users] MLDonkey & Debian ( Trying to do an Official Packag


From: Simon Peter
Subject: Re: [Mldonkey-users] MLDonkey & Debian ( Trying to do an Official Package )
Date: Thu, 29 May 2003 19:39:51 +0200

> As I said, every byte received from the network in mldonkey is
> translated to a nice Ocaml structure. Ocaml does checks on all string
> accesses, to avoid overflows. Of course, there are not many programs
> in Ocaml, so some bugs are still there somewhere, but on the other
> hand, the Ocaml runtime is pretty small, and it can easily be verified
> that these checks are correctly done.

Did anyone do that until now? If not, we're back at #2.

I'm sure you do your best to code as correctly and safely as possible, and
also the Ocaml developers hopefully did their best to make their
compilers as safe as possible. But this doesn't do anything about the
fact that all of it is developed by humans, and humans are fallible. So all
software is inherently faulty (I bet you knew that already ;) ) and
crackers use exactly that fact for their own good.

> >  2. Of course mldonkey is open-source, but another strong fact is
> >  that there are not many Ocaml programmers out there (including me),
> >  who could professionally audit your code. I'm a nice C coder,
> Yes, but if you have read slashdot last week, you should now know more
> about Ocaml :) Or at least, you should know that you should learn it

I'm not a regular slashdot reader, so what did I miss?

> My point is just that a debian package is probably not useful for such
> people, and its maintainer should focus on making it more friendly,
> instead of focusing on security. Maybe I'm a bit too naive, but I

Well, with network daemons, he should always go for security first. But
having it run chrooted with a debian package is not the usual way
either. This would rather fit as a special, security-enhanced package,
but not in the base distribution. As Debian is not designed to have
daemons running chrooted by default, this will lead to all kinds of
problems. Chrooting in general can't be easily automated, since the
installation scripts can't easily know about all files the
sysadmin wants the chrooted program to see.

> don't like the mis-trust and the associated security campaigns of the
> modern world, I prefer thinking that we are all friends (anyway, there

I'm still trying to believe in it, but the world showed me otherwise,
unfortunately...

And chrooting is not only about being paranoid of crackers, it is also
about being aware of logic (human) errors in the software. What if
mldonkey decides to go bonkers and erase half of my HD? I just need to
have it run as root for just the startup time to let it get some
privileged ports and it could do that in no delay. Also when solely
running as its own user, it could do at least some harm to other
programs by deleting some files in certain world-writable directories
(/tmp for example).

> is nothing to be stolen on my computer, except the photos of my last
> holidays :)

Hehe. Let's talk again when you've got some serious data on your machine
(just kidding). ;))

Simon



