Mailing List Archive



Re: [tlug] Bashing away at Unix
Dave Brown writes:

 > S L Baur already explained this, but I will admit that this reminds me
 > of an amusing time when I offered to test out a restricted shell that
 > was hacked together for a programming contest by one of the smartest
 > security brains I know (Ian Goldberg).  As a beautiful example of "the
 > smartest fencer can be disarmed by a trick he doesn't know", I blew his
 > cho-ultra-secure shell away by using ^ as a pipe character instead of |.
 > He hadn't read the bash man page carefully enough, and had missed that
 > it supported that particular ancient artifact.

Instructive, but how sad.  One of the "smartest security brains you
know" taken in by a *known* Trojan horse.  Just goes to show that
"smart" is irrelevant to "secure".

But his mistake was not in insufficiently careful reading of the man
page.  I just talked to Steve Baur, who claimed that he's never seen
it documented in a man page.  (Note that I'm not saying it wasn't
there in the relevant bash man page, just giving evidence that many
features do go undocumented.)

In security, you do *not* read man pages (I learned that from
experience: I got my MTA pwnzred for using secure configuration
directives that weren't actually implemented until several months
later); you read source.  If you don't have source and build the
binaries yourself, forget "secure".  And even then you're not safe
from Ken Thompson or hardware intrusion.  And you do *not* start with
GNU Project code; there's enough structure there that calling it
spaghetti code is unfair, so let's call it "champon-udon code". ;-)

 > Remember history, for if you forget, it will bite you in your arse.

In cho-ultra-security, forget history.  Nothing you aren't as familiar
with as something you wrote yourself can be trusted.  Tell me, why the
hell did he risk using GNU Bash?
