[rescue] "New" SPARCserver 20

Dan Debertin rescue at sunhelp.org
Tue Jun 19 10:20:48 CDT 2001

On Tue, 19 Jun 2001, David Murphy wrote:

> > (as far as I know -- it could be riddled with bugs, and it could
> > email /etc/shadow somewhere, for all I know. I can't see the
> > source.)
> You can see your MTA logs, can't you?

It was just an example. There are other things it could possibly do that
would not be logged.

> You can see the trace output can't you?

How many syscalls d'you think that thing makes in a second? Just how much
spare time do you think I have, anyway? ;)

> You audit the source when you have it, do you? The security advantages
> of having the source code are real but usually overstated.

That is a valid point, but I don't believe that I overstated them. The
fact that I cannot audit the source means that others in the community
whose opinions I trust (for example, NetBSD/OpenBSD package maintainers)
also cannot.

Dan Debertin
airboss at nodewarrior.org

More information about the rescue mailing list