Comments for obcode anti-debugging library

06 Nov 2002 23:54 antrik

Re: Sense?...


> There are useful applications for such a library, e.g. for code that must be
> executed on an untrusted host (distributed computing, sensors for host-based
> intrusion detection, not to mention the buzzword 'mobile code' ...).


Sorry, you are right, of course. I just haven't thought of such applications...


However, this kind of usage probably has to be considered "distribution", so the GPL would require providing full source -- which obviously doesn't make much sense... LGPL might be ok, but again, I'm not sure about that. In any case I *strongly* recommend asking the FSF for their opinion...


> The general problem with code obfuscation is that by making debugging more
> difficult, you can gain time (which for this kind of applications is good
> enough), but you don't know how much time you gain. In particular, if you
> need X seconds before the code is reverse engineered, there is no arithmetic
> proof that you really get these X seconds.


Well, "security through obscurity" is generally not considered a terribly good idea...

18 Oct 2002 07:42 rainer

Re: Sense?...

>
> Moreover, the idea itself is a
> perversion. The purpose of the GNU
> licenses is to protect free software, to
> give it a better position against
> proprietary influences, to encourage and
> facilitate free software development. Now
> you want to use these licenses to
> protect a library that has the sole aim
> of "protecting" proprietary
> applications?... That just doesn't make
> any sense to me.
>


There are useful applications for such
a library, e.g. for code that must be executed
on an untrusted host (distributed computing,
sensors for host-based
intrusion detection, not to mention the
buzzword 'mobile code' ...).

The general problem with code obfuscation
is that by making debugging more difficult,
you can gain time (which for this kind of applications
is good enough), but you don't know how much
time you gain. In particular, if you need X seconds
before the code is reverse engineered, there is no
arithmetic proof that you really get these X seconds.
Still, I think this is an interesting project.

10 Sep 2002 21:49 antrik

Re: Sense?...

> You're right as for the license, it needs to be LGPL probably.


Well, yes, to allow linking the library to proprietary programs you would have to use the LGPL. However, I'm still not sure that's OK, as the LGPL requires that reverse engineering of the application is allowed, while the purpose of your library is exactly to prevent that...

Moreover, the idea itself is a perversion. The purpose of the GNU licenses is to protect free software, to give it a better position against proprietary influences, to encourage and facilitate free software development. Now you want to use these licenses to protect a library that has the sole aim of "protecting" proprietary applications?... That just doesn't make any sense to me.

05 Sep 2002 01:40 kravietz

Re: Sense?...

> Sorry, I do not get it. What's the use
> of this library? As it is covered by the
> GNU GPL, every program that links to it
> has to be distributed with full source
> anyways!
>

You're right as for the license, it needs to be LGPL probably.
I will sort it out in the next few versions as soon as I fully understand those licenses...

04 Sep 2002 22:27 antrik

Sense?...
Sorry, I do not get it. What's the use of this library? As it is covered by the GNU GPL, every program that links to it has to be distributed with full source anyways!
