Re: Privilege-escalation attacks on NT-based Windows are unfixable

From: Lassi Hippeläinen (lahippel@ieee.orgies.invalid)
Date: 08/24/02

From: Lassi Hippeläinen <lahippel@ieee.orgies.invalid>
Date: Sat, 24 Aug 2002 11:15:05 GMT

David Wagner wrote:
> Ursus Horibilis wrote:
> >How hard is it to define a safe string type and a set of functions to go
> >with it?
> Hard enough that real programmers don't seem to do it, in practice.
> Who can blame them? When they do do it, no one else can read their code.
> (Witness qmail: it has its own string library, but everyone complains
> about how this makes it hard for others to read.)
> Safe string libraries are a great example of something that, in an ideal
> world, ought to have been part of the original standard, but weren't.

In this thread the blame has been put on hardware, programming language,
programmers, operating systems, administrators, and end users. It is
always a SEP (Someone Else's Problem). If every party involved learns
something each time the ball passes close by, good; but I'm afraid the
discussion isn't converging.

The old description of a bug as a difference between specification and
behaviour can be extended to operations, too. A policy is a
specification. Programming style is a policy, and programmers can be
told to use type checking in whatever language they are using.

The late Edsger Dijkstra complained that people are using all kinds of
shortcuts, on the excuse of making more efficient code. It had started
with the first machines, which were real clunkers, but the tradition was
carried to mainframes. In the '70s the microprocessors gave new life to

Hardware has developed quite a lot from those days, but the excuse still

-- Lassi