Re: "Perfect" or "Provable" security both crypto and non-crypto?

From: Roger Schlafly (rogersc1_at_mindspring.com)
Date: 09/17/04

    Date: Fri, 17 Sep 2004 08:48:34 -0700
    
    

    "David Wagner" <daw@taverner.cs.berkeley.edu> wrote:
    >>> The task of verifying lack of buffer overruns is trivial if your language
    >>> renders it impossible to even express a buffer overrun (e.g., Java is
    >>> memory safe; there is no way to write code that has a buffer overrun,
    >>> and hence is safe).
    >>That's a common misconception.
    > If you think so, perhaps it would be appropriate to say why.

    I don't know what Doug had in mind, but there are lots of ways
    that buffer overruns can occur in any language.

    Consider a program that reads from a data stream (such as a
    file or internet socket), and writes to another stream.
    It reads a particular data field, for which the specs say
    that it will be null-terminated and less than 64 bytes long.
    The program reads the data into a larger data structure,
    and ignores the 64-byte limit because it assumes that the
    null terminator will be there. Then all sorts of bad things
    can happen.

    Such buffer overflow bugs can occur in Java or Perl or
    anything else, and such bugs are common. Those languages
    are a lot safer than C because a simple string copy is not
    going to blow the stack, but there can be other buffer overrun
    bugs.
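
The scenario described in the post above, as an added example that is not part of the original message: a reader that trusts the null terminator next to one that enforces the 64-byte limit, written in Python as a stand-in for any memory-safe language. The 80-byte output record, its role slot, the sample inputs and all function names are assumptions made for illustration.

```python
import io

NAME_MAX = 64      # spec from the post: null-terminated, under 64 bytes
RECORD_SIZE = 80   # assumed layout: 64-byte name slot + 16-byte role slot


class FieldTooLong(ValueError):
    """No terminator was found within the specified limit."""


def read_field_trusting(stream):
    """Reads until NUL or EOF, assuming the sender obeys the spec."""
    out = bytearray()
    while (b := stream.read(1)) not in (b"", b"\x00"):
        out += b
    return bytes(out)


def read_field_bounded(stream, limit=NAME_MAX):
    """Reads at most `limit` bytes; the terminator must be among them."""
    out = bytearray()
    for _ in range(limit):
        b = stream.read(1)
        if b == b"":
            raise FieldTooLong("stream ended before terminator")
        if b == b"\x00":
            return bytes(out)
        out += b
    raise FieldTooLong(f"no terminator within {limit} bytes")


def build_record(name, role=b"guest"):
    """Packs name and role into the fixed-layout output record."""
    rec = bytearray(RECORD_SIZE)
    rec[NAME_MAX:NAME_MAX + len(role)] = role
    # Copies by the field's actual length, not the slot size: an oversized
    # name silently overwrites the adjacent role slot. No exception is raised.
    rec[0:len(name)] = name
    return bytes(rec)


def role_of(record):
    return record[NAME_MAX:].rstrip(b"\x00")


if __name__ == "__main__":
    oversized = b"A" * 64 + b"admin\x00"   # constructed input that breaks the spec
    print(role_of(build_record(read_field_trusting(io.BytesIO(oversized)))))
    try:
        read_field_bounded(io.BytesIO(oversized))
    except FieldTooLong as exc:
        print("rejected:", exc)
```

The language runtime never faults here; the overrun is confined to the program's own data structure, which is why the length check has to be made explicitly at the point where the field is read.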

