From: "Mike (mwester)" <mwester@dls.net>
To: openembedded-devel@openembedded.org
Subject: Re: TinyLogin
Date: Mon, 30 Mar 2009 08:57:27 -0500
Message-ID: <49D0CFC7.9090902@dls.net>
In-Reply-To: <200903301333.04881.hs4233@mail.mn-solutions.de>

Holger Schurig wrote:

> However, I like to base fear on evidence, that's why I replied.

Having spent 4 years of my life working in the security space, and a
year of that actually reviewing source code for security-related issues,
I can safely say that in my part of the world (central US), it is the
other way around:

when security is involved, fear is based on _lack_ of evidence of
correctness.

Due to its size and frequency of change the code is impossible for human
review, and due to structure of the code, it is unlikely for automated
commercial tools to be able to do much with it (I know; I tried once).

IMO (for what that's worth), we need to support the "everything is
busybox!" sort of build; there's just no alternative for small devices.
But the problem is what do we do for that middle ground, for devices
that can't fit the entire set of "proper" tools but might not be willing
to take the security risk associated with running busybox SETUID.

I rather suspect tinylogin will live on, even if maintenance is minimal.

-Mike (mwester)


