Re: "Perfect" or "Provable" security both crypto and non-crypto?

From: David Wagner (daw_at_taverner.cs.berkeley.edu)
Date: 09/17/04


Date: Fri, 17 Sep 2004 18:25:46 +0000 (UTC)

Roger Schlafly wrote:
>I don't know what Doug had in mind, but there are lots of ways
>that buffer overruns can occur in any language.
>
>Consider a program that reads from a data stream (such as a
>file or internet socket), and writes to another stream.
>It reads a particular data field, for which the specs say
>that it will be null-terminated and less than 64 bytes long.
>The program reads the data into a larger data structure,
>and ignores the 64-byte limit because it assumes that the
>null terminator will be there. Then all sorts of bad things
>can happen.

Ok, that's fair. You're right. Maybe it depends how you define
buffer overrun -- I had been thinking only of buffer overruns that
corrupt compiler data structures, not application data structures --
but ultimately I think you're absolutely right.

Even in a safe language, it is possible to corrupt your own application
data structures and therefore get undesired behavior. This is just a
special case of the fact that a safe language does not guarantee that the
program does what you want. Of course, in a safe language you don't have
to worry that a program bug might corrupt compiler data structures (like
return addresses on the heap, the free list of unallocated memory, etc.).
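The scenario Roger describes and David accepts above, worked through in Python as an added example (this code is not from the thread or either author). Python stands in for the "safe language": nothing here can touch the interpreter's own memory, but a parser that scans for the NUL terminator while ignoring the 64-byte field limit still writes past its own field and silently rewrites the uid and role bytes that follow it. The record layout, the field names, and the sample inputs are all constructed for this example.

```python
"""A buffer overrun of *application* data in a memory-safe language.

Constructed record layout (hypothetical, for this example only):
  bytes 0..63   name  -- spec: NUL-terminated, under 64 bytes including NUL
  bytes 64..67  uid   -- big-endian unsigned 32-bit
  byte  68      role  -- 0 = ordinary user, 1 = admin
"""
import struct

NAME_LEN = 64            # size of the name field in the record
UID_OFF = NAME_LEN       # uid sits right after the name field
ROLE_OFF = UID_OFF + 4   # role byte sits right after the uid
RECORD_LEN = ROLE_OFF + 1


def new_record(uid: int, role: int) -> bytearray:
    """Build an empty record with uid and role already filled in."""
    rec = bytearray(RECORD_LEN)
    struct.pack_into(">I", rec, UID_OFF, uid)
    rec[ROLE_OFF] = role
    return rec


def store_name_naive(rec: bytearray, stream: bytes) -> None:
    """The bug from the thread: trusts the spec's promise of a NUL terminator.

    Scans the whole stream for the first NUL and copies everything before it
    into the record, never checking the 64-byte limit. If the NUL arrives late,
    the copy runs past the name field into uid and role. (If no NUL arrives at
    all, .index() raises ValueError: the 'assumed terminator' fails loudly here
    instead of running off the end, which is the one thing safety buys you.)
    """
    name = stream[: stream.index(b"\x00")]
    # Same-length slice assignment does not resize the bytearray; it just
    # overwrites whatever bytes lie in the way, including the fields after name.
    rec[0 : len(name)] = name


def store_name_checked(rec: bytearray, stream: bytes) -> None:
    """The fix: enforce the field limit instead of assuming the terminator.

    Looks for the NUL only inside the first 64 bytes; anything else is a
    malformed record and is rejected before any byte is written.
    """
    end = stream.find(b"\x00", 0, NAME_LEN)
    if end < 0:
        raise ValueError("name field is not NUL-terminated within 64 bytes")
    rec[0:NAME_LEN] = stream[:end].ljust(NAME_LEN, b"\x00")


def parse_record(rec: bytearray) -> dict:
    """Read the record back at its fixed offsets, as the rest of the program would."""
    name = bytes(rec[:NAME_LEN]).split(b"\x00", 1)[0]
    uid = struct.unpack_from(">I", rec, UID_OFF)[0]
    return {"name": name, "uid": uid, "admin": rec[ROLE_OFF] == 1}


def demo() -> tuple:
    """Run both parsers over a well-formed and an over-long name field.

    Returns (naive result on hostile input, checked outcome on hostile input,
    checked result on well-formed input).
    """
    well_formed = b"alice\x00" + b"\x00" * 10              # constructed, NUL at byte 5
    hostile = b"A" * 68 + b"\x01" + b"\x00"                # constructed, NUL only at byte 69

    rec = new_record(uid=1000, role=0)
    store_name_naive(rec, hostile)
    naive_result = parse_record(rec)          # uid and role now come from the name bytes

    rec = new_record(uid=1000, role=0)
    try:
        store_name_checked(rec, hostile)
        checked_outcome = "accepted"
    except ValueError:
        checked_outcome = "rejected"

    rec = new_record(uid=1000, role=0)
    store_name_checked(rec, well_formed)
    checked_result = parse_record(rec)
    return naive_result, checked_outcome, checked_result


if __name__ == "__main__":
    for item in demo():
        print(item)
```

The naive path never raises: the 64 `A` bytes are a perfectly good name as far as the record reader is concerned, but the uid has become 0x41414141 and the role byte is now 1. That is the "all sorts of bad things" in David's terms, confined to the program's own data. The checked path refuses the same input, and the only change is that the terminator search is bounded by the field size the spec already states.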