Firewall Wizards mailing list archives
Re: FWTK and smap/smapd
From: Brian Hatch <firewall-wizards () ifokr org>
Date: Fri, 19 Jul 2002 10:21:56 -0700
Security critical code shouldn't be commented. :) It should either be sufficiently obvious or the auditor should be sufficiently skilled that comments aren't needed -- besides they just serve as distractions. :) If you don't have comments, your comments and your code are never in disagreement!!! :)
However the one thing that is usually lacking in code is the assumptions made by the author. If those assumptions turn out to be false (later versions of a protocol change expected values, for example) then it's a lot easier to re-examine code by seeing how those assumptions affect the original code.

I've too often seen cases where someone writes code to be run as a normal user, and expects that the user could try buffer overflows, bad arguments, etc, and break the program, but then they'd only get their own access back anyway. Then along comes someone else and wants to make it setuid, daemonize it, etc. If there's already a list of assumptions about where the program can fail, it's a lot easier for this person to secure it in the new extra-privileged environment. (You could argue that they should start from scratch, however, and you'd be right.)

Comments about code that is not bad in the current version but could be if other dependencies or situations differ are *always* a good idea.

--
Brian Hatch                  "Are you expected?"
   Systems and               "No. Dreaded."
   Security Engineer
http://www.ifokr.org/bri/

Every message PGP signed