Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Gödel and kernel backdoors

From: Berend-Jan Wever <berendjanwever () gmail com>
Date: Sun, 19 Sep 2010 19:22:51 +0200
nevermind the fact that a "good" program in your list may contain as yet
unknown vulnerabilities which mean it's actually bad.
On Sep 19, 2010 7:08 PM, "Georgi Guninski" <guninski () guninski com> wrote:

On Sun, Sep 19, 2010 at 06:21:35PM +0200, Pavel Kankovsky wrote:

On the other hand, It is possible to "detect all bad programs" if it is
allowed to err on the safe side and mistake some good programs for bad
programs. An extreme example is to call all programs bad unless their
exact code appears on the list of known good programs.




i doubt this can be remotely implemented in practice because of dynamic

code like |eval| and mobile code.


can |code| be realistically distinguished from |data| for current OSes
(e.g. is a vim modeline *only a* plain string or a string + program) ?



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: