Re: "Perfect" or "Provable" security both crypto and non-crypto?

From: Roger Schlafly (rogersc1_at_mindspring.com)
Date: 09/17/04

  • Next message: Giorgio Tani: "Re: For the newsgroup"
    Date: Fri, 17 Sep 2004 08:48:34 -0700
    
    

    "David Wagner" <daw@taverner.cs.berkeley.edu> wrote:
    >>> The task of verifying lack of buffer overruns is trivial if your
    >>> language
    >>> renders it impossible to even express a buffer overrun (e.g., Java is
    >>> memory safe; there is no way to write code that has a buffer overrun,
    >>> and hence is safe).
    >>That's a common misconception.
    > If you think so, perhaps it would be appropriate to say why.

    I don't know what Doug had in mind, but there are lots of ways
    that buffer overruns can occur in any language.

    Consider a program that reads from a data stream (such as a
    file or internet socket), and writes to another stream.
    It reads a particular data field, for which the specs say
    that it will be null-terminated and less than 64 bytes long.
    The program reads the data into a larger data structure,
    and ignores the 64-byte limit because it assumes that the
    null terminator will be there. Then all sorts of bad things
    can happen.

    Such buffer overflow bugs can occur in Java or Perl or
    anything else, and such bugs are common. Those languages
    are a lot safer than C because a simple string copy is not
    going to blow the stack, but there can be other buffer overrun
    bugs.


  • Next message: Giorgio Tani: "Re: For the newsgroup"