Re: [Lit.] Buffer overruns
From: Xcott Craver (caj_at_B-r-a-i-n-H-z.com)
Date: Wed, 08 Dec 2004 01:36:17 GMT
Douglas A. Gwyn <DAGwyn@null.net> wrote:
>Mok-Kong Shen wrote:
>> 'safe' programming language, e.g. ADA (would JAVA be as good?), could
>> one really 'surely' exclude such (or somewhat varied) exploits? Thanks.
> Programmer oversights are possible in any PL. While bounds enforcement
> would prevent *some* attacks, it cannot stop them all.
In a "type-safe" language like ML, a great many security
vulnerabilities cannot occur because they are type mismatches.
Buffer overruns, for example, are type mismatches because the array
size is part of its type. Code containing a buffer overrun issue
simply cannot compile.
This does not prevent all sorts of other vulnerabilities due to
improperly implemented algorithms. But a huge number of exploited
security flaws are mere typing errors, which wouldn't happen if you
used a language that disallowed them.
But I agree that "C is unsafe." Sure it's safer if you make sure to
check everything, but the point is that people don't. Likewise
you can secure a Windows box, but a lot of people don't. In the
end what matters is the likelihood of widespread vulnerabilities
in the real world, and the damage caused by them.
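The contrast the thread draws, as an added example that is not part of the post: in C the array size is lost the moment `char name[16]` decays to `char *`, so the unchecked copy below compiles without complaint and relies entirely on the programmer; the checked version takes the size explicitly and refuses input that does not fit. Names and the 16-byte limit are assumptions for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16   /* assumed fixed-size field, for illustration */

/* The pattern under discussion: the compiler accepts this because the
 * destination's size is not part of the type strcpy sees. Any src
 * longer than NAME_LEN-1 bytes overruns 'name'. (The 'before' form.) */
int set_name_unchecked(char *name /* NAME_LEN bytes */, const char *src) {
    strcpy(name, src);
    return 0;
}

/* Hardened form: the caller passes the destination size, the function
 * measures src without reading past name_len bytes, rejects input that
 * leaves no room for the terminator, and always NUL-terminates.
 * Returns 0 on success, -1 if src does not fit (name is left empty). */
int set_name_checked(char *name, size_t name_len, const char *src) {
    size_t n = 0;
    if (name_len == 0)
        return -1;
    while (n < name_len && src[n] != '\0')
        n++;
    if (n == name_len) {          /* src has at least name_len bytes */
        name[0] = '\0';
        return -1;
    }
    memcpy(name, src, n + 1);     /* n bytes plus the terminator */
    return 0;
}

/* Convenience wrapper: 1 if src is accepted into a NAME_LEN buffer by
 * the checked routine, 0 if it is rejected. */
int name_fits(const char *src) {
    char buf[NAME_LEN];
    return set_name_checked(buf, sizeof buf, src) == 0;
}

int main(void) {
    char buf[NAME_LEN];
    const char *inputs[] = { "alice", "0123456789abcde", "0123456789abcdef" };
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        int rc = set_name_checked(buf, sizeof buf, inputs[i]);
        printf("%-18s -> rc=%d name=\"%s\"\n", inputs[i], rc, buf);
    }
    return 0;
}
```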