[Cryptography] How to solve the hen-and-egg problem

Tom Mitchell mitch at niftyegg.com
Fri Jul 31 17:53:27 EDT 2015


On Fri, Jul 31, 2015 at 1:34 PM, Ben Laurie <ben at links.org> wrote:

> On Thu, 30 Jul 2015 at 08:37 Ralf Senderek <crypto at senderek.ie> wrote:
>
>> While static code analysers will work with C code, they might be less
>> valuable when it comes to reviewing the ksh scripts. These scripts
>> represent the logic of the message encryption scheme and a review
>> needs to focus on the security of the ideas they're based on.
>>
>
> Perhaps you should consider writing those scripts in a language that lends
> itself to analysis?
>

How are the scripts being used?

Scripts that run with SUID/SGID permissions are difficult.
Many *nix disable the SGID/SGID permission bit for scripts because of the
security challenges.
http://stackoverflow.com/questions/18698976/suid-not-working-with-shell-script

If SUID/SGID is not an issue then never mind...



-- 
  T o m    M i t c h e l l