From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Ian Grant Newsgroups: gmane.comp.gnu.lightning.general,gmane.lisp.guile.devel Subject: Re: Bug free programs Date: Wed, 17 Sep 2014 12:15:34 -0400 Message-ID: References: <20140917005748.8CXVB.21497.root@cdptpa-web03> <8738brsz82.fsf@yeeloong.lan> NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="===============5014624643299525774==" X-Trace: ger.gmane.org 1410970560 15230 80.91.229.3 (17 Sep 2014 16:16:00 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Wed, 17 Sep 2014 16:16:00 +0000 (UTC) Cc: lightning , dsmich-XauvlLoUTru+XT7JhA+gdA@public.gmane.org, guile-devel To: Mark H Weaver Original-X-From: lightning-bounces+gcglg-lightning=m.gmane.org-mXXj517/zsQ@public.gmane.org Wed Sep 17 18:15:55 2014 Return-path: Envelope-to: gcglg-lightning@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by plane.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1XUHta-0007SE-IQ for gcglg-lightning@m.gmane.org; Wed, 17 Sep 2014 18:15:54 +0200 Original-Received: from localhost ([::1]:46096 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1XUHta-00024v-2x for gcglg-lightning@m.gmane.org; Wed, 17 Sep 2014 12:15:54 -0400 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:41897) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1XUHtP-00024a-I0 for lightning-mXXj517/zsQ@public.gmane.org; Wed, 17 Sep 2014 12:15:51 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1XUHtK-0004ur-PF for lightning-mXXj517/zsQ@public.gmane.org; Wed, 17 Sep 2014 12:15:43 -0400 Original-Received: from mail-wi0-x22f.google.com ([2a00:1450:400c:c05::22f]:38168) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1XUHtK-0004tG-Hy; Wed, 17 Sep 2014 12:15:38 -0400 Original-Received: by mail-wi0-f175.google.com with SMTP id r20so587542wiv.8 for ; Wed, 17 Sep 2014 09:15:34 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=7nDyoTviI46iEBM61CKTm5KRvr5ZflCSmh5Ysye/SMs=; b=rEKJg5qEjzVTkpCk/uImxUbgEZ8u2Tty80LClvXV6qj9T5u6wSh80DsX5IT3+CppHH 2mQwPdbxpMNS9nuBL5nYHrKU7bH4IWwCv3kXjL6ivOWa6iJUewysJGNVolEMsXgL9nW8 tEOuxod6ZG+YhLQ+oLv2zRau7tvG0Pcyt3KrCtOfNngKaY6uhuQheigjPtndD0KLE7Z3 0AJmFHn6GfFTkDn9OwFCWyM/vzNC1/FrTOUi7ObVxFyIlinw9fqYNUv76cdtlFDhsdXP LKlr9o21Yf6ZOBe9w1TfFNvrPsdy6U7joVbuEw0KFejUwPK2tA+g2xnO49X/k06UCBS6 z1Pg== X-Received: by 10.180.184.40 with SMTP id er8mr42412842wic.31.1410970534538; Wed, 17 Sep 2014 09:15:34 -0700 (PDT) Original-Received: by 10.194.81.194 with HTTP; Wed, 17 Sep 2014 09:15:34 -0700 (PDT) In-Reply-To: <8738brsz82.fsf-Ir+b6ulHfbb+AlalS6MPSg@public.gmane.org> X-detected-operating-system: by eggs.gnu.org: Error: Malformed IPv6 address (bad octet value). X-Received-From: 2a00:1450:400c:c05::22f X-BeenThere: lightning-mXXj517/zsQ@public.gmane.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lightning-bounces+gcglg-lightning=m.gmane.org-mXXj517/zsQ@public.gmane.org Original-Sender: lightning-bounces+gcglg-lightning=m.gmane.org-mXXj517/zsQ@public.gmane.org Xref: news.gmane.org gmane.comp.gnu.lightning.general:589 gmane.lisp.guile.devel:17470 Archived-At: --===============5014624643299525774== Content-Type: multipart/alternative; boundary=001a11c3504e7ff39d0503452da8 --001a11c3504e7ff39d0503452da8 Content-Type: text/plain; charset=UTF-8 On Tue, Sep 16, 2014 at 11:27 PM, Mark H Weaver wrote: > A Thompson virus could be hiding in this intermediate C code that would > be very hard to audit. > When did you last audit these 66,000 lines of intermediate code, which people are encouraged to run as root? If you _had_ audited it, how would you know you hadn't missed something cunningly concealed in a double expansion somewhere? ian3@jaguar:~/build/guile-2.0.11$ wc -l Makefile lib/Makefile libguile/Makefile configure 2373 Makefile 4052 lib/Makefile 3792 libguile/Makefile 55901 configure 66118 total --001a11c3504e7ff39d0503452da8 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
On Tue, Sep 16, 2014 at 11:27 PM, Mark H Weaver <mhw@netris= .org> wrote:
A Thompson virus could be hiding in this intermediate C code that wo= uld
be very hard to audit.

When did you last audit the= se 66,000 lines of intermediate code, which people are encouraged to run as= root? If you _had_ audited it, how would you know you hadn't missed so= mething cunningly concealed in a double expansion somewhere?

ian3@ja= guar:~/build/guile-2.0.11$ wc -l Makefile lib/Makefile libguile/Makefile co= nfigure
=C2=A0=C2=A0 2373 Makefile
=C2=A0=C2=A0 4052 lib/Makefile
= =C2=A0=C2=A0 3792 libguile/Makefile
=C2=A0 55901 configure
=C2=A0 661= 18 total

=C2=A0
--001a11c3504e7ff39d0503452da8-- --===============5014624643299525774== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Lightning mailing list Lightning-mXXj517/zsQ@public.gmane.org https://lists.gnu.org/mailman/listinfo/lightning --===============5014624643299525774==--