Re: How regularly is the GnuPG source code examined?
From: Mxsmanic (mxsmanic_at_gmail.com)
Date: Thu, 20 Oct 2005 06:04:16 +0200
David Wagner writes:
> Yup. The answer is to avoid writing code in such a way that it is
> non-obvious whether the code is correct or not. Validators have to be
> liberated to reject code when there is doubt about its correctness (err on
> the side of safety). As you have stated before, it is a mistake to try
> to ``validate an arbitrary pile of code that was produced any old which
> way''; instead, the design and implementation process should be structured
> to ensure that the code is correct, and can be verified to be correct.
Most design and coding errors are very blatant, anyway, so these
principles, while interesting, are rarely applicable.
You don't need anything fancy to detect a buffer overflow. Many of
the world's woes would be immediately eliminated if C compilers put
data and code on different stacks (as some hardware designs allow).
-- Transpose mxsmanic and gmail to reach me by e-mail.
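An added illustration of the "nothing fancy" point above (example code written for this page, not from the thread or from GnuPG): a fixed-capacity buffer whose only write path compares the requested length against the remaining room before copying, so an oversized input is refused rather than overrunning the stack. The type and function names (`bounded_buf`, `bb_append`, the demo helpers) and the 16-byte capacity are assumptions chosen for the example.

```c
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Capacity is an assumption for the example; a NUL terminator always fits. */
#define BUF_CAP 16

struct bounded_buf {
    char   data[BUF_CAP];
    size_t len;            /* bytes in use, invariant: len < BUF_CAP */
};

void bb_init(struct bounded_buf *b) {
    b->len = 0;
    b->data[0] = '\0';
}

/* The whole defence is one comparison: refuse any append that does not fit.
   Returns 0 on success, -1 if rejected; the buffer is unchanged on -1. */
int bb_append(struct bounded_buf *b, const char *src, size_t n) {
    size_t room = BUF_CAP - 1 - b->len;   /* leave space for the NUL */
    if (n > room)
        return -1;
    memcpy(b->data + b->len, src, n);
    b->len += n;
    b->data[b->len] = '\0';
    return 0;
}

/* Demo input (constructed): 5 + 10 bytes fill the 15 usable bytes exactly,
   so the last two pieces must be rejected. Returns the rejection count. */
static const char *demo_parts[] = { "hello", "0123456789", "x", " world" };
#define DEMO_PARTS 4

int bb_demo_rejected_count(void) {
    struct bounded_buf b;
    int rejected = 0;
    bb_init(&b);
    for (size_t i = 0; i < DEMO_PARTS; i++)
        if (bb_append(&b, demo_parts[i], strlen(demo_parts[i])) != 0)
            rejected++;
    return rejected;                      /* 2 */
}

/* Same sequence; returns the bytes actually stored after all attempts. */
int bb_demo_final_len(void) {
    struct bounded_buf b;
    bb_init(&b);
    for (size_t i = 0; i < DEMO_PARTS; i++)
        (void)bb_append(&b, demo_parts[i], strlen(demo_parts[i]));
    return (int)b.len;                    /* 15 */
}

int main(void) {
    struct bounded_buf b;
    bb_init(&b);
    for (size_t i = 0; i < DEMO_PARTS; i++) {
        int rc = bb_append(&b, demo_parts[i], strlen(demo_parts[i]));
        printf("append \"%s\": %s (len now %zu)\n",
               demo_parts[i], rc == 0 ? "ok" : "rejected", b.len);
    }
    return 0;
}
```

The check costs one subtraction and one comparison per write; the point is that the caller must be forced through it, which is why the struct exposes no unchecked write path.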