
Re: RISKS: Princeton discovers another Netscape security flaw



ses @ tipper.oit.unc.edu (Simon Spero) wrote:
>A pound to a bucket of ferrets this is another visit from our good friends
>Capt. Overrun  and the static buffers, in which case it's more an indictment 
>of C 

So?  I agree that it's essentially impossible to write reliable code
in C, just as in assembly language.  Actually, it's easier in assembly
language because then you KNOW you have to do all the work
yourself, while C misleads you into thinking it does some of the
work for you when in fact it does not.

That doesn't affect the point at all, though.  

The job of doing something like what Java claims to do correctly
is basically equivalent to the job of creating an A2 grade operating
system.  (Don't bother looking for any, as far as I know the designation
A2 doesn't even exist anymore because it is still beyond the state
of the art.  It means "verified implementation", i.e., the implementation
-- not just the design as in A1 -- is provably correct.  Note that
a strict interpretation of this would involve holding not just the code
itself but also the tools that act on it -- like compilers, and microcode
in machines that have it -- to A2 standards.  If you wonder why, consider
the famous Unix login hack from many years ago that involved
a hack in the C compiler.)

 paul

!-----------------------------------------------------------------------
! Paul Koning, NI1D, C-24183
! 3Com Corporation, 1-3A, 118 Turnpike Road, Southborough MA 01772 USA
! phone: +1 508 229 1695, fax: +1 508 490 5873
! email: [email protected]  or  [email protected]
! Pgp:   27 81 A9 73 A6 0B B3 BE 18 A3 BF DD 1A 59 51 75
!-----------------------------------------------------------------------
! "The only purpose for which power can be rightfully exercised over 
!  any member of a civilized community, against his will, is to prevent
!  harm to others.  His own good, either physical or moral, is not
!  a sufficient warrant."    -- John Stuart Mill, "On Liberty" 1859