From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Ian Grant Newsgroups: gmane.comp.gnu.lightning.general,gmane.lisp.guile.devel Subject: The Free Semantics Foundation Date: Wed, 3 Sep 2014 21:57:17 -0400 Message-ID: NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="===============5112897646090265029==" X-Trace: ger.gmane.org 1409795852 21521 80.91.229.3 (4 Sep 2014 01:57:32 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Thu, 4 Sep 2014 01:57:32 +0000 (UTC) To: Richard Stallman , guile-devel-mXXj517/zsQ@public.gmane.org, lightning , Markus Kuhn , Theo deRaadt , Linus Torvalds Original-X-From: lightning-bounces+gcglg-lightning=m.gmane.org-mXXj517/zsQ@public.gmane.org Thu Sep 04 03:57:27 2014 Return-path: Envelope-to: gcglg-lightning@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by plane.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1XPMIg-0003Ku-LH for gcglg-lightning@m.gmane.org; Thu, 04 Sep 2014 03:57:26 +0200 Original-Received: from localhost ([::1]:48371 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1XPMIg-0002Mi-CY for gcglg-lightning@m.gmane.org; Wed, 03 Sep 2014 21:57:26 -0400 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:35408) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1XPMIb-0002MS-Vk for lightning-mXXj517/zsQ@public.gmane.org; Wed, 03 Sep 2014 21:57:23 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1XPMIY-0004AB-Sz for lightning-mXXj517/zsQ@public.gmane.org; Wed, 03 Sep 2014 21:57:21 -0400 Original-Received: from mail-wi0-x233.google.com ([2a00:1450:400c:c05::233]:54299) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1XPMIY-00049p-Hv; Wed, 03 Sep 2014 21:57:18 -0400 Original-Received: by mail-wi0-f179.google.com with SMTP id q5so216440wiv.12 for ; Wed, 03 Sep 2014 18:57:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type; bh=5PDpBxGYBo3qKFLhiECcx7MklI/YDkMXYcGCWSRYMT4=; b=aPEd2VKbAByrQGCEz2OteuA49i5eMACfRci83sGsB3SGKi7/4nzUlK6ySa/+/JSmDt 4FhRQNYmjr6VBlXi6DgImiG1hE3fGKrX6ED88zYTTpoPhwrWI25rBI2hRbyFLQW4TfYL jwAmb+f5fKw8b+V+I6tLWc0ReShei8Bmbye3WuITfRyLZX85g1Vww8Zuui9Or0YdQJlC PvjbkT0MH6hdAGOaOd3wQ+ecBJT4lsW8utOosYg73nhn0MVeW4lHkecMDn3mIxGcGuva CqBfXZcrGd04FNQFVyhRh0QRS0mwH/tMwolkbEI4xA1UEP6RAWFqJ+ZBehAr5PYf1eVu B65g== X-Received: by 10.180.184.40 with SMTP id er8mr1546206wic.31.1409795837347; Wed, 03 Sep 2014 18:57:17 -0700 (PDT) Original-Received: by 10.194.219.234 with HTTP; Wed, 3 Sep 2014 18:57:17 -0700 (PDT) X-detected-operating-system: by eggs.gnu.org: Error: Malformed IPv6 address (bad octet value). X-Received-From: 2a00:1450:400c:c05::233 X-BeenThere: lightning-mXXj517/zsQ@public.gmane.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lightning-bounces+gcglg-lightning=m.gmane.org-mXXj517/zsQ@public.gmane.org Original-Sender: lightning-bounces+gcglg-lightning=m.gmane.org-mXXj517/zsQ@public.gmane.org Xref: news.gmane.org gmane.comp.gnu.lightning.general:559 gmane.lisp.guile.devel:17395 Archived-At: --===============5112897646090265029== Content-Type: multipart/alternative; boundary=001a11c3504e1769d5050233ac28 --001a11c3504e1769d5050233ac28 Content-Type: text/plain; charset=UTF-8 > That hack recognized specific syntax. Any change in the wrong > place would break it. Which hack was that? The one Thompson is reported to have actually implemented in Unix? You are assuming what you are trying to prove: you are assuming there has only ever been one instance of this class of attack, and you are trying to prove that this class of attack is unlikely. That used to be called "Begging the Question" but nowadays the general level of understanding of logic is so poor that most uses of that phrase are not in this sense. It may *seem* unlikely, but to anyone who has given serious thought to the possibilities of such an attack it seems more than wildly probable. I suppose everyone know that Roger Schell spent several years in the office of deputy director of the NSA's National Computer Security Centre? If he did not alert the NSA to the possibility of this sort of attack then he was not doing his job properly. Having read some of the Computer Security History Project interview with him, I do not think Roger Schell is the sort of person who doesn't do his job properly. Thompson wrote that paper in 1984, and I don't think that was a coincidence. What he shows is that if you control the semantics of a language, that is if you control the meaning of what people say, then you control what they *see,* and so you also control what they think. And that was a theme in Orwell's book "1984." By controlling the meaning of what people say, Big Brother controlled their thought. In programming terms, if you control the semantics of the compiler, then you can control what people see. For example, you can insert code into libc.so and ld.so that looks for certain signatures and then changes the data that system calls like read and stat return to certain programs, such as sha256sum and objdump for example, according to some predicate. You can also monitor the behaviour of other programs. If you see that there is a program that reads mainly C source and writes mainly a.out executables, then you know those executables should contain a certain signature, and if they don't then you know you have a C compiler on the system which is not bugged, at least, one which has not got *your* bug (it may have any number of other such bugs however, because this semantics generalises.) So you can call for help, or you can even insert code to call for help into the binaries that program creates. Basically, your power over the system appears to be total. Of course it's not, because there are any number of other such bugs in there with you. In the end the only person who is guaranteed not to have control over what the system does is the program source code. Now it may seem unlikely to some that this has been done. But it is surely obvious to *everyone* that this is *possible,* and since the advantage an attacker accrues if he can pull this off effectively is incalculable, it should also be obvious to *everyone* that if this has not yet been done, then it will soon be done. Perhaps as a direct result of people reading what I am writing right now. So I hope people will focus on this problem, in spite of what Richard says. He will change his mind in due course, quite shortly I think :-) Focussing on free source code is pointless, we need to focus on free semantics. Of course this negates certain fairly fundamental principles of the Free Software Foundation. One of these is the idea of "Copyleft." By taking concrete representation of algorithms as the stock-in-trade of computer programmers, it is able to use the copyright laws to effect a kind of viral copyright status which automatically infects any program which uses that particular source code representation. The problem is that once one concentrates on free semantics rather than free source code, there is no longer any recourse to the copyright laws: the copyright laws protect only one particular concrete representation of an idea. The only legal protection sematics have is through patent law. So the Free Software Foundation, if it's to 'own' anything at all anymore, will have to register and defend its assets as patents. Ian --001a11c3504e1769d5050233ac28 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
> That hack recognized specific syntax.=C2=A0 Any chang= e in the wrong
> place would break it.

Which hack was that? Th= e one Thompson is reported to have actually
implemented in Unix? You are= assuming what you are trying to prove: you are assuming there has only eve= r been one instance of this class of attack, and you are trying to prove th= at this class of attack is unlikely. That used to be called "Begging t= he Question" but nowadays the general level of understanding of logic = is so poor that most uses of that phrase are not in this sense.

It may *seem* unlikely, but to anyone who has given serious thought to = the possibilities of such an attack it seems more than wildly probable.
=
I suppose everyone know that Roger Schell spent several years in the of= fice of deputy director of the NSA's National Computer Security Centre?= =C2=A0 If he did not alert the NSA to the possibility of this sort of attac= k then he was not doing his job properly. Having read some of the Computer = Security History Project interview with him, I do not think Roger Schell is= the sort of person who doesn't do his job properly.

Thompson wrote that paper in 1984, and I don't think that was a coi= ncidence. What he shows is that if you control the semantics of a language,= that is if you control the meaning of what people say, then you control wh= at they *see,* and so you also control what they think. And that was a them= e in Orwell's book "1984." By controlling the meaning of what= people say, Big Brother controlled their thought.

In programming terms, if you control the semantics of the compiler, the= n you can control what people see. For example, you can insert code into li= bc.so and ld.so that looks for certain signatures and then changes the data= that system calls like read and stat return to certain programs, such as s= ha256sum and objdump for example, according to some predicate. You can also= monitor the behaviour of other programs. If you see that there is a progra= m that reads mainly C source and writes mainly a.out executables, then you = know those executables should contain a certain signature, and if they don&= #39;t then you know you have a C compiler on the system which is not bugged= , at least, one which has not got *your* bug (it may have any number of oth= er such bugs however, because this semantics generalises.) So you can call = for help, or you can even insert code to call for help into
the binaries that program creates. Basically, your power over the system ap= pears to be total. Of course it's not, because there are any number of = other such bugs in there with you. In the end the only person who is guaran= teed not to have control over what the system does is the program source co= de.

Now it may seem unlikely to some that this has been done. But it is sur= ely obvious to *everyone* that this is *possible,* and since the advantage = an attacker accrues if he can pull this off effectively is incalculable, it= should also be obvious to *everyone* that if this has not yet been done, t= hen it will soon be done. Perhaps as a direct result of people reading what= I am writing right now.

So I hope people will focus on this problem, in spite of what Richard s= ays. He will change his mind in due course, quite shortly I think :-)
Focussing on free source code is pointless, we need to focus on free sema= ntics. Of course this negates certain fairly fundamental principles of the = Free Software Foundation. One of these is the idea of "Copyleft."= By taking concrete representation of algorithms as the stock-in-trade of c= omputer programmers, it is able to use the copyright laws to effect a kind = of viral copyright status which automatically infects any program which use= s that particular source code representation. The problem is that once one = concentrates on free semantics rather than free source code, there is no lo= nger any recourse to the copyright laws: the copyright laws protect only on= e particular concrete representation of an idea. The only legal
protection sematics have is through patent law. So the Free Software Founda= tion, if it's to 'own' anything at all anymore, will have to re= gister and defend its assets as patents.

Ian

--001a11c3504e1769d5050233ac28-- --===============5112897646090265029== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Lightning mailing list Lightning-mXXj517/zsQ@public.gmane.org https://lists.gnu.org/mailman/listinfo/lightning --===============5112897646090265029==--