Re: "Perfect" or "Provable" security both crypto and non-crypto?

From: David Wagner (daw_at_taverner.cs.berkeley.edu)
Date: 09/17/04


Date: Fri, 17 Sep 2004 18:25:46 +0000 (UTC)

Roger Schlafly wrote:
>I don't know what Doug had in mind, but there are lots of ways
>that buffer overruns can occur in any language.
>
>Consider a program that reads from a data stream (such as a
>file or internet socket), and writes to another stream.
>It reads a particular data field, for which the specs say
>that it will be null-terminated and less than 64 bytes long.
>The program reads the data into a larger data structure,
>and ignores the 64-byte limit because it assumes that the
>null terminator will be there. Then all sorts of bad things
>can happen.

Ok, that's fair. You're right. Maybe it depends how you define
buffer overrun -- I had been thinking only of buffer overruns that
corrupt compiler data structures, not application data structures --
but ultimately I think you're absolutely right.

Even in a safe language, it is possible to corrupt your own application
data structures and therefore get undesired behavior. This is just a
special case of the fact that a safe language does not guarantee that the
program does what you want. Of course, in a safe language you don't have
to worry that a program bug might corrupt compiler data structures (like
return addresses on the heap, the free list of unallocated memory, etc.).
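
The scenario discussed above, as an added example that is not part of the original thread: a memory-safe language raises no error when an unterminated field is copied past its slot inside a larger application record, so a neighbouring application field is silently overwritten. The record layout, the role byte, the function names and the sample inputs are constructed for illustration.

```python
NAME_MAX = 64      # spec from the post: NUL-terminated, fewer than 64 bytes
ROLE_OFFSET = 64   # constructed layout: the role byte follows the name slot
RECORD_SIZE = 128  # the "larger data structure" the field is copied into
ROLE_USER, ROLE_ADMIN = 0, 1


def build_record_naive(stream: bytes, role: int) -> bytearray:
    """Trusts the sender: copies everything up to the first NUL, however long."""
    record = bytearray(RECORD_SIZE)
    record[ROLE_OFFSET] = role            # set from the authenticated session
    end = stream.find(b"\x00")
    name = stream if end == -1 else stream[:end]
    record[0:len(name)] = name            # no limit check: can run past the slot
    return record


def build_record_checked(stream: bytes, role: int) -> bytearray:
    """Enforces the spec: the NUL must appear within the first 64 bytes."""
    end = stream.find(b"\x00", 0, NAME_MAX)
    if end == -1:
        raise ValueError("name field not NUL-terminated within 64 bytes")
    record = bytearray(RECORD_SIZE)
    record[0:end] = stream[:end]
    record[ROLE_OFFSET] = role
    return record


# Constructed sample inputs.
WELL_FORMED = b"alice\x00"
MALFORMED = b"A" * NAME_MAX + bytes([ROLE_ADMIN])   # 65 bytes, no terminator

if __name__ == "__main__":
    for label, data in (("well-formed", WELL_FORMED), ("malformed", MALFORMED)):
        naive = build_record_naive(data, ROLE_USER)
        print(label, "naive role byte:", naive[ROLE_OFFSET])
        try:
            build_record_checked(data, ROLE_USER)
            print(label, "checked: accepted")
        except ValueError as exc:
            print(label, "checked: rejected:", exc)
```
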


