Re: [Lit.] Buffer overruns
From: infobahn (infobahn_at_btinternet.com)
Date: 01/14/05
Date: Fri, 14 Jan 2005 06:00:04 +0000 (UTC)
Bryan Olson wrote:
>
> infobahn wrote:
> > And FWIW, I agree entirely. Get the spec right, get the program
> > right, and wave bye-bye to buffer attacks.
>
> How do you know when to give the wave?

At about the same time that you gain *complete* assurance that
automatic bounds-checking (ABC hereafter) doesn't leave you open
to buffer attacks.

ABC adds overhead, so it had better be able to pay its way. So
we'd better be SURE that it works. But how can we be? Even if you
validate your ABC compiler's source code, you have to use a
compiler to compile it. Are you sure there are no mistakes in the
binary? And see ken's "Reflections on Trusting Trust" for the
security issues.

And validating your ABC compiler's source code does not mean that
/my/ ABC compiler's source code has been validated. So you can
write what you think to be a safe program, but the act of letting
that program out of your safe-house (so to speak) means it can no
longer be considered safe.

Absolute security is impossible if you also want to get anything
done. That doesn't mean we shouldn't try for security, of course.
But it's a fair indication that we should do the best job we can
with the best tools available, and what "best" means depends on
circumstances. In cases where speed is vital (and such cases
still remain) and portability is desirable, C still remains the
language of choice for many of us, /even though/ it can be misused
by some programmers to produce low-quality code.