Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Think about these peoples starting point. They want a complete OS and application set built from source that is completely auditable.

This is direct circumvention of that.

Additionally, you can never prove you have removed all of your security flaws. The best you can do is search harder to become more confident that none exist. There is no way to prove that a privilege escalation flaw does not exists. Now arbitrary code is run against you wishes and without your permission.

No one can prove it didn't run a privilege escalation attack. If you think your digital security is of paramount importance you must assume you have been compromised and take steps to remedy this potential issue.

It is not that google is guilty, it is that moments before this happened security was provable and now it is not.



I think you are underestimating how much stuff you can actually prove. There's an entire field doing software verification which deals which formalizing aspects of the execution environment and proving absence of certain properties, i.e. classes of bugs, in a system. Sure, your proofs might rely on some "assumptions", but testing, a mere search for the bugs, is surely not the only way to ensure correctness.


Its not about what I am thinking. I never said anything about my thoughts on it. Perhaps I think computer security can be improved with liberal applications of butter and jelly or something equally ridiculous.

The people in question think it is an issue. They do this because of their starting point.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: