Full Disclosure mailing list archives
RE: Coding securely, was Linux (in)security
From: "Chris Eagle" <cseagle () redshift com>
Date: Sun, 26 Oct 2003 20:54:52 -0800
Brett Hutley wrote:
Sent: Sunday, October 26, 2003 7:44 PM
To: Paul Schmehl
Cc: full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] Coding securely, was Linux (in)security

Paul Schmehl wrote:
*snip*
> You complain that the code would be really slowed down if consistent and complete error checking were done. I wonder if anyone has ever really tried to write code that way and then tested it to see if it really *did* slow down the process? Or if this is just another one of those "truisms" in computing that's never really been put to the test?

Yup. I work on large distributed systems for financial risk management processing. We have some very tight calculation loops with preallocated buffers because we can't afford to do any unnecessary stuff in these loops. Because they are buried deep in the calculation engine we don't need to worry about validating the input. An unnecessary piece of code here makes the difference between the job taking 1 hour to process or 10 hours. There are some circumstances where tight code is essential. Of course in MOST systems the speed of execution is not that critical.

At best this sort of coding is appropriate when functions are tightly coupled and not exported. It would of course behoove you to attempt to prove that the parameters being passed around never go out of range. It's publicly exported functions that fail to validate parameters that worry me.

Chris

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
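
The split discussed in this exchange, as an added C example that is not part of the original posts: exported entry points validate their parameters once, and a static inner loop over preallocated buffers runs without checks. All names (BUF_CAP, risk_load, risk_weighted_sum, weighted_sum) and the buffer size are hypothetical.

```c
#include <assert.h>
#include <errno.h>
#include <stddef.h>
#include <stdint.h>

#define BUF_CAP 4096            /* constructed size of the preallocated buffers */

static double prices[BUF_CAP];  /* allocated once, reused for every job */
static double weights[BUF_CAP];

/* Internal kernel: static, so not exported. No runtime checks in the loop.
 * The caller guarantees first + count <= BUF_CAP; the assert states that
 * contract for debug builds and disappears under -DNDEBUG. */
static double weighted_sum(size_t first, size_t count)
{
    assert(first <= BUF_CAP && count <= BUF_CAP - first);
    double acc = 0.0;
    for (size_t i = first; i < first + count; i++)
        acc += prices[i] * weights[i];
    return acc;
}

/* Exported: the index is checked before anything is written. */
int risk_load(size_t idx, double price, double weight)
{
    if (idx >= BUF_CAP)
        return -ERANGE;
    prices[idx] = price;
    weights[idx] = weight;
    return 0;
}

/* Exported: every caller-supplied parameter is validated once, outside the
 * hot loop, before the unchecked kernel runs. */
int risk_weighted_sum(size_t first, size_t count, double *out)
{
    if (out == NULL)
        return -EINVAL;
    /* Compare by subtraction so that first + count cannot wrap around. */
    if (first > BUF_CAP || count > BUF_CAP - first)
        return -ERANGE;
    *out = weighted_sum(first, count);
    return 0;
}
```

The validation cost is paid once per call rather than once per loop iteration, so it does not grow with the amount of data processed.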