[Mono-list] Re: Bootstrapping

[Todd Berman]

On Mon, 2004-07-12 at 16:17 +0200, Norbert Bollow wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Paolo Molaro <lupus@ximian.com> wrote:
> 
> > > Is this an attempt to spread FUD (Fear, Uncertainty and Doubt) about
> > > the DotGNU Portable.Net (pnet) system, or did you honestly write the
> > > above without thinking about the matter first?
> > 
> > It's not FUD, it's just the reality: if people think that using pnet is
> > safer wrt a possible trojan injected by MS, they are deluding
> > themselves (and showing they don't know much about security).
> 
> You claimed that MS had more opportunity to inject a trojan into
> our system than they had for injecting a trojan into yours, thereby
> implying that that would have been possible for them.  Since the kind
> of attack which was under discussion is possible only with compilers
> which are used to compile themselves (which is the case with mono's
> compiler but not with the DotGNU Portable.Net system), the statement
> which you made is FUD and you owe us an apology for it.
> 
> > Unless the C compiler (for example) was trojaned by the Console.WriteLine()
> > implementation (emitted by the hyphotetical trojaning MS compiler) when
> > the first tests were run with pnet. So the moment you ran untrusted code
> > on the system, it doesn't matter if you bootstrap from C or from C#.
> 
> Even more FUD.  Even if (as you seem to imply) a hypothetical
> trojaning MS compiler had trojaned early pnetlib builds in a way which
> exploits some kernel security hole on GNU/Linux systems to gain root
> privileges to modify the C compiler installation on that machine, that
> would not have affected the binaries which we distribute today because
> they're built on other machines which have probably never received
> _any_ binaries from the machines where the early tests were done.  (If
> in your opinion the "probably" above isn't good enough, let me know; I
> can easily enough do a round of builds on machines where I can guarantee
> this to be the case.)
> 
> > Just as a summary, since people seem to be sensitive about these issues:
> > *) I don't think MS has trojaned either mono or pnet
> > *) if they could have trojaned mono, they could have done the same to pnet
> > *) since the trojaning of both systems is theoretical it's not easy to
> > say which one of the two could be more likely, but feel free to discuss
> > it in the paranoia@forever.com list:-)
> 
> I do think that the (at least theoretical) possibility of trojaned
> self-compiling compilers should be on the "long list of potential
> issues to take into consideration".  I do not think that it is
> appropriate to single out MS as the only potential attacker.
> 
> I believe that good security can be achieved only by taking into
> consideration all possible attacks from all possible attackers.  Is
> the Mono project leadership in disagreement with this view?
> 
> Greetings, Norbert.
> 
> - -- 
> Founder & Steering Committee member of DotGNU, see http://dotgnu.org/
> Free Software Business Strategy Guide   --->  http://FreeStrategy.info
> Norbert Bollow, Weidlistr.18, CH-8624 Gruet (near Zurich, Switzerland)
> Tel +41 1 972 20 59        Fax +41 1 972 20 69       http://norbert.ch
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.4 (GNU/Linux)
> 
> iD8DBQFA8p0uoYIVvXUl7DIRAtyCAKDVHhHRr2zfqivIoejt1JWSWoVf4ACgsNEB
> I2A4ZMmPczZ9bexxWGvw8sM=
> =0Kuz
> -----END PGP SIGNATURE-----

Just out of curiosity, who the hell cares?

Neither one is trojaned. Lets just move on.

--Todd