Secure Coding mailing list archives

Previous By Date Next
Previous By Thread Next

BSIMM: Confessions of a Software SecurityAlchemist(informIT)

From: steingra at gmail.com (Andy Steingruebl)
Date: Tue, 24 Mar 2009 11:50:03 -0700
On Mon, Mar 23, 2009 at 7:22 AM, Gary McGraw <gem at cigital.com> wrote:


hi guys,

I think there is a bit of confusion here WRT "root" problems.  In C, the
main problem is not simply strings and string representation, but rather
that the "sea of bits" can be recast to represent most anything.  The
technical term for the problem is the problem of type safety.  C is not type
safe.



Really?  It isn't that the standard von Neumann architecture doesn't
differentiate between data and code?  We've gone over this ground before
with stack-machines like the Burroughs B5500 series which were not
susceptible to buffer overflows that changed control flow because code and
data were truly distinct chunks of memory.

Sure its a different programming/hardware model, but if you want to fix the
root cause you'll have to go deeper than language choice right?  You might
have other tradeoffs but the core problem here isn't just type safety.

Just like in the HTML example.  The core problem is that the language/format
mixes code and data with no way to differentiate between them.

Or is my brain working too slowly today?
-- 
Andy Steingruebl
steingra at gmail.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://krvw.com/pipermail/sc-l/attachments/20090324/9f5dd68c/attachment.html
Previous By Date Next
Previous By Thread Next

Current thread: