[Mono-list] Re: Bootstrapping

Norbert Bollow nb@SoftwareEconomics.biz
Mon, 12 Jul 2004 16:17:06 +0200

Hash: SHA1

Paolo Molaro <lupus@ximian.com> wrote:

> > Is this an attempt to spread FUD (Fear, Uncertainty and Doubt) about
> > the DotGNU Portable.Net (pnet) system, or did you honestly write the
> > above without thinking about the matter first?
> It's not FUD, it's just the reality: if people think that using pnet is
> safer wrt a possible trojan injected by MS, they are deluding
> themselves (and showing they don't know much about security).

You claimed that MS had more opportunity to inject a trojan into
our system than they had for injecting a trojan into yours, thereby
implying that that would have been possible for them.  Since the kind
of attack which was under discussion is possible only with compilers
which are used to compile themselves (which is the case with mono's
compiler but not with the DotGNU Portable.Net system), the statement
which you made is FUD and you owe us an apology for it.

> Unless the C compiler (for example) was trojaned by the Console.WriteLine()
> implementation (emitted by the hyphotetical trojaning MS compiler) when
> the first tests were run with pnet. So the moment you ran untrusted code
> on the system, it doesn't matter if you bootstrap from C or from C#.

Even more FUD.  Even if (as you seem to imply) a hypothetical
trojaning MS compiler had trojaned early pnetlib builds in a way which
exploits some kernel security hole on GNU/Linux systems to gain root
privileges to modify the C compiler installation on that machine, that
would not have affected the binaries which we distribute today because
they're built on other machines which have probably never received
_any_ binaries from the machines where the early tests were done.  (If
in your opinion the "probably" above isn't good enough, let me know; I
can easily enough do a round of builds on machines where I can guarantee
this to be the case.)

> Just as a summary, since people seem to be sensitive about these issues:
> *) I don't think MS has trojaned either mono or pnet
> *) if they could have trojaned mono, they could have done the same to pnet
> *) since the trojaning of both systems is theoretical it's not easy to
> say which one of the two could be more likely, but feel free to discuss
> it in the paranoia@forever.com list:-)

I do think that the (at least theoretical) possibility of trojaned
self-compiling compilers should be on the "long list of potential
issues to take into consideration".  I do not think that it is
appropriate to single out MS as the only potential attacker.

I believe that good security can be achieved only by taking into
consideration all possible attacks from all possible attackers.  Is
the Mono project leadership in disagreement with this view?

Greetings, Norbert.

- -- 
Founder & Steering Committee member of DotGNU, see http://dotgnu.org/
Free Software Business Strategy Guide   --->  http://FreeStrategy.info
Norbert Bollow, Weidlistr.18, CH-8624 Gruet (near Zurich, Switzerland)
Tel +41 1 972 20 59        Fax +41 1 972 20 69       http://norbert.ch
Version: GnuPG v1.2.4 (GNU/Linux)