[rescue] "New" SPARCserver 20
Dan Debertin
rescue at sunhelp.org
Tue Jun 19 10:20:48 CDT 2001
On Tue, 19 Jun 2001, David Murphy wrote:
>
> > (as far as I know -- it could be riddled with bugs, and it could
> > email /etc/shadow somewhere, for all I know. I can't see the
> > source.)
>
> You can see your MTA logs, can't you?
It was just an example. There are other things it could possibly do that
would not be logged.
> You can see the trace output can't you?
How many syscalls d'you think that thing makes in a second? Just how much
spare time do you think I have, anyway? ;)
> You audit the source when you have it, do you? The security advantages
> of having the source code are real but usually overstated.
That is a valid point, but I don't believe that I overstated them. The
fact that I cannot audit the source means that others in the community
whose opinions I trust (for example, NetBSD/OpenBSD package maintainers)
also cannot.
Dan
--
Dan Debertin
airboss at nodewarrior.org
www.nodewarrior.org
More information about the rescue
mailing list