Full Disclosure mailing list archives
RE: Coding securely, was Linux (in)security
From: Steve Wray <steve.wray () paradise net nz>
Date: Tue, 28 Oct 2003 17:44:55 +1300
Sure they could possibly find other ways to write insecure code, but the issue is not whether it's possible; of course it's possible. The issue is the relative difficulty of writing insecure code. In C, to write secure code, one might have to re-implement a huge array of data types and so forth. (As was mentioned in the previous post: "You then need to invent your own data types as you just did with your subroutine, which still risks a buffer overflow because strlen itself still looks for the null byte at end of string and so can overflow its internal counters.") Is it beyond all possibility that there exist languages in which the very reverse is true? I.e., languages in which one would have to reimplement data types and so forth in order to be able to write insecure code? Can there exist such a language?? I reckon so.

[huge snip losing all attributions and context]
So which makes more sense to you? To convert the world's programmers to a new language? Or to teach them to code securely? Surely, if we were to replace C today, they would just find other ways to write insecure code?
[snipped out all the rest]

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
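
Added example, not part of the original message or thread: a sketch of what "inventing your own data types" in C looks like for the strlen concern quoted above, using a counted string that carries its own length and capacity and a scan that never reads past a stated bound. The names cstr, cstr_append, bounded_len and cstr_from_field are hypothetical, and the 8-byte field is constructed sample input.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical counted-string type: length and capacity travel with the
   data, so no operation has to search for a terminating NUL byte. */
typedef struct {
    size_t len;        /* bytes in use */
    size_t cap;        /* total bytes available in data[] */
    char   data[32];   /* small fixed capacity for the example */
} cstr;

static void cstr_init(cstr *s) { s->len = 0; s->cap = sizeof s->data; }

/* Append n bytes; refuse (return -1) instead of writing past the buffer. */
static int cstr_append(cstr *s, const char *src, size_t n) {
    if (n > s->cap - s->len)   /* len <= cap is invariant, so no wraparound */
        return -1;
    memcpy(s->data + s->len, src, n);
    s->len += n;
    return 0;
}

/* Bounded alternative to strlen for untrusted input: reads at most max
   bytes. Returns max when no NUL is present ("unterminated"). */
static size_t bounded_len(const char *p, size_t max) {
    const char *nul = memchr(p, '\0', max);
    return nul ? (size_t)(nul - p) : max;
}

/* Import a fixed-size field that may or may not contain a terminator. */
static int cstr_from_field(cstr *s, const char *field, size_t field_size) {
    cstr_init(s);
    return cstr_append(s, field, bounded_len(field, field_size));
}

int main(void) {
    /* Constructed input: 8 bytes with no NUL; strlen() would read past it. */
    char field[8] = {'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H'};
    cstr s;
    return (cstr_from_field(&s, field, sizeof field) == 0 && s.len == 8) ? 0 : 1;
}
```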