Re: "Perfect" or "Provable" security both crypto and non-crypto?
From: Roger Schlafly (rogersc1_at_mindspring.com)
Date: Fri, 17 Sep 2004 08:48:34 -0700
"David Wagner" <firstname.lastname@example.org> wrote:
>>> The task of verifying lack of buffer overruns is trivial if your
>>> renders it impossible to even express a buffer overrun (e.g., Java is
>>> memory safe; there is no way to write code that has a buffer overrun,
>>> and hence is safe).
>>That's a common misconception.
> If you think so, perhaps it would be appropriate to say why.
I don't know what Doug had in mind, but there are lots of ways
that buffer overruns can occur in any language.
Consider a program that reads from a data stream (such as a
file or internet socket), and writes to another stream.
It reads a particular data field, for which the specs say
that it will be null-terminated and less than 64 bytes long.
The program reads the data into a larger data structure,
and ignores the 64-byte limit because it assumes that the
null terminator will be there. Then all sorts of bad things
Such buffer overflow bugs can occur in Java or Perl or
anything else, and such bugs are common. Those languages
are a lot safer than C because a simple string copy is not
going to blow the stack, but there can be other buffer overrun
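The scenario described in the post, written out as an added example that is not part of the original thread: a field reader that trusts the NUL terminator beside one that enforces the 64-byte limit, both run over constructed records (the two-field layout, the function names and the sample data are assumptions made for this illustration).

```python
# Constructed example: a two-field record where each field is specified as
# NUL-terminated and under 64 bytes, read from one stream and re-emitted.
from typing import Callable, Dict, Tuple

MAX_FIELD = 64  # spec: the NUL terminator must appear within 64 bytes

Reader = Callable[[bytes, int], Tuple[bytes, int]]


def read_field_naive(data: bytes, pos: int) -> Tuple[bytes, int]:
    """Trusts the spec: scans to the next NUL with no length bound.
    If the terminator is missing, the scan runs on into the following
    field (or to end of stream), so the 'field' silently absorbs data
    that belongs elsewhere. The memory-safe runtime never faults, so
    nothing flags the overrun."""
    end = data.find(b"\x00", pos)
    if end == -1:
        end = len(data)
    return data[pos:end], end + 1


def read_field_checked(data: bytes, pos: int) -> Tuple[bytes, int]:
    """Enforces the 64-byte limit: look for the NUL only inside the window
    the spec allows, and reject the record if it is not there."""
    window = data[pos:pos + MAX_FIELD]
    end = window.find(b"\x00")
    if end == -1:
        raise ValueError(f"field at offset {pos}: no NUL within {MAX_FIELD} bytes")
    return window[:end], pos + end + 1


def parse_record(data: bytes, read_field: Reader) -> Dict[str, bytes]:
    """Record layout (assumed for this example): user, then role."""
    pos = 0
    user, pos = read_field(data, pos)
    role, pos = read_field(data, pos)
    return {"user": user, "role": role}


def serialize_record(rec: Dict[str, bytes]) -> bytes:
    """Re-emits the record to the next stream, as the post describes.
    A consumer there that allocates a fixed 64-byte buffer per field
    is where an oversized field turns into memory corruption."""
    return rec["user"] + b"\x00" + rec["role"] + b"\x00"


# Constructed inputs: a well-formed record, and one whose first field
# has no NUL inside the 64-byte limit.
GOOD_RECORD = b"alice\x00operator\x00"
BAD_RECORD = b"A" * 70 + b"operator\x00"
```

With `BAD_RECORD` the naive reader returns a 78-byte user field that has swallowed the role, and the role comes back empty; the checked reader rejects the record instead.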