LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Quote of the week

Quote of the week

Posted Oct 21, 2006 0:18 UTC (Sat) by intgr (subscriber, #39733)
In reply to: Quote of the week by sbergman27
Parent article: Quote of the week

Consider that:
(1) Video driver code is uninteresting for crackers since there are so many levels of indirection between the network/file formats and the graphics driver, that even if a bug was found, it will likely be impossible to exploit without direct access to the computer or the X server.
(2) Binary BLOBs take *much* more effort to audit since all the attacker has is the assembly code - which has to be reverse engineered and understood first.

Given these conditions that make auditing binary video drivers particularly unattractive, I think it's grossly unfair to compare it to an average piece of OSS code.

(Log in to post comments)

Quote of the week

Posted Oct 21, 2006 14:02 UTC (Sat) by mday_ii (subscriber, #25315) [Link]

I was first exposed to the acronym "BLOB" in the late 80's by RDBMS developers. It meant "Binary Large OBject." Hence when I see "Binary BLOB" I read it as "Binary Binary Large Object."

Quote of the week

Posted Oct 21, 2006 17:57 UTC (Sat) by dirtyepic (subscriber, #30178) [Link]

try Binary Bigasshuge Large OBject

Quote of the week

Posted Oct 21, 2006 18:40 UTC (Sat) by sbergman27 (guest, #10767) [Link]

If I understand you correctly, you are saying that closed source code is inherently more secure than OSS code.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds