Secure Coding mailing list archives
RE: [SC-L]
From: "Lewis, Todd" <todd.lewis () gs com>
Date: Tue, 16 Dec 2003 01:34:56 +0000
Although I agree about ML, I have to say that the number of null-pointer exceptions I've seen in Java apps leaves me suspicious that it might not be as safe as it's cracked up to be. Plus, no amount of type-safe code can save you from a well-placed photon or two: http://www.cs.princeton.edu/~sudhakar/papers/memerr.pdf

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Crispin Cowan
Sent: Friday, December 12, 2003 9:09 PM
To: Jeffrey W. Baker
Cc: [EMAIL PROTECTED]
Subject: Re: [SC-L]

Jeffrey W. Baker wrote:
In my recent experience, certain institutions are turning out graduates in computer science whose understanding of the actual computer is quite limited. These people know how to program in high-level languages, Java or Pascal for example, and they can use an operating system, but they wouldn't know what to do with an 8-bit shift register. In the present world, I don't think you can write a secure program unless you recognize the term "smashing the stack" and you know how to do it.
As someone who knows a fair bit about stack smashing :) I specifically disagree with that. I believe that it is possible for a developer who *sticks to* type safe languages such as Java or ML, and who follows the security principles of my previous post (not trusting other components or input data to be well-behaved) to develop very secure applications. Of course this is full of dangerous caveats:

* It applies *only* to type safe languages, notably *not* including C, C++, PERL, PHP, or Python.
* The developer still has to understand other kinds of security issues, including validating inputs, and race conditions.
* It only works at the application layer; network and operating system development require the developer to get their hands dirty.
You'll never write a secure program if you can't understand what might happen if your cushy JVM security protections break down.
Your cushy JVM security protection (type safety) should not be breaking down, and when it does, it is not the Java programmer's fault. Even if the Java programmer knew all about stack smashing, sie is still entirely at the tender mercies of the JVM if someone finds a way to violate type safety.
It's not possible to avoid shell code injection when you don't know what shell code is or why that might be bad.
I'm sorry, but that's wrong. It is entirely possible to avoid shell code injection in type safe languages.

Crispin

--
Crispin Cowan, Ph.D. http://immunix.com/~crispin/
CTO, Immunix http://immunix.com
Immunix 7.3 http://www.immunix.com/shop/