openssh and defensive programming (or lack thereof)

Damien Miller djm at mindrot.org
Wed Dec 19 16:41:45 EST 2001


On Tue, 18 Dec 2001, James Ralston wrote:

> If this is true, then I challenge you to do the right: FIX THE DAMN
> BUG IN SSHD, and just as important, FIX YOUR ATTITUDE.  I can and will
> patch the former for you (as I already did, and already offered to
> redo), but I can't correct your (apparent) religious opposition to
> defensive programming, which will ultimately cause you to create new
> bugs in OpenSSH faster than they can be fixed.

You are telling the OpenBSD developers how to write secure code. Surely
you appreciate the irony here. OpenBSD's track record is worth megabytes
of polemic about development methodology.

Of the (minor) security problems that OpenSSH has had in the past three
years, how many do you think would have been avoided through this doctrine
of "defensive programming"?

sshd is a system service. If your broken system is passing stray fds to
sshd upon (re)start, you need to fix your system - it is that simple.
Why uglify every daemon on your system when you can fix the problem where
it lies? Think about what would happen if this was carried to its logical
conclusion...

-d

-- 
| By convention there is color,       \\ Damien Miller <djm at mindrot.org>
| By convention sweetness, By convention bitterness, \\ www.mindrot.org
| But in reality there are atoms and space - Democritus (c. 400 BCE)
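The "stray fds" Miller refers to are descriptors a launcher (init script, wrapper) still has open, without close-on-exec, when it exec()s sshd. The added example below (not part of this thread or of OpenSSH) shows the check a launcher author can run just before exec and the fix "where it lies", marking the descriptor FD_CLOEXEC; the function names are my own.

```c
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Descriptors a process hands to a daemon it exec()s are the ones it has
 * open without FD_CLOEXEC. Count those above stderr; a clean launcher
 * should report 0 right before exec'ing sshd. */
int count_exec_leaking_fds(void)
{
    long maxfd = sysconf(_SC_OPEN_MAX);
    int n = 0;

    if (maxfd < 0)
        maxfd = 1024;           /* fallback when the limit is not reported */
    for (int fd = 3; fd < maxfd; fd++) {
        int flags = fcntl(fd, F_GETFD);
        if (flags != -1 && !(flags & FD_CLOEXEC))
            n++;
    }
    return n;
}

/* Fix at the source: mark a descriptor close-on-exec so the daemon the
 * launcher exec()s never inherits it. Returns 0 on success, -1 on error. */
int mark_cloexec(int fd)
{
    int flags = fcntl(fd, F_GETFD);

    if (flags == -1)
        return -1;
    return fcntl(fd, F_SETFD, flags | FD_CLOEXEC);
}

int main(void)
{
    /* Constructed scenario: a launcher opened a file before starting sshd. */
    int base = count_exec_leaking_fds();
    int fd = open("/dev/null", O_RDONLY);   /* no O_CLOEXEC: this is the leak */

    if (fd == -1)
        return 1;
    printf("fds sshd would inherit before fix: %d\n",
           count_exec_leaking_fds() - base);
    mark_cloexec(fd);
    printf("fds sshd would inherit after fix:  %d\n",
           count_exec_leaking_fds() - base);
    close(fd);
    return 0;
}
```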
