More Perl regex stuff in E

Mark S. Miller markm@erights.org
Fri, 16 Apr 1999 08:15:12 -0700


At 07:52 AM 4/16/99 , shapj@us.ibm.com wrote:
>So, in *addition* to the things you identified for why you can trust the
>Perl RE package, I would add that its source is available for inspection
>and has been inspected by a goodly number of people.  This yields some
>confidence that its use will not result in combination attacks.

That's a good point, *especially* for an RE package, as I and others are 
likely to be using it to build code transformation tools.  A 
capability-secure but malicious RE package could introduce Kernighan 
trapdoors into code being generated, and may evade detection if it's 
narrowly targeted.  By contrast, a capability-secure but innocently buggy one 
is unlikely to introduce Kernighan trapdoors through bugs that evade detection.

Now I get it: "inspectability" isn't just about the readability of source.  
It's also about the availability of source.  Whether anyone ever reads these 
or not, inspectability will usually be a sufficient deterrence to inspire 
confidence, not in lack of bugs, but in lack of purposeful malice.

Of course, if Norm put his mind to it, I'm confident he could introduce 
Kernighan trapdoors in readable sources that 1) evaded detection for a 
while, and 2) once detected looked like an innocent bug.  Fortunately, 
Norm's whitespace habits will prevent others from judging his code to be 
readable.  Let's just hope no one runs it through a pretty printer.  ;)