Secure Coding mailing list archives

Re: [SC-L]


From: Crispin Cowan <crispin () immunix com>
Date: Sat, 13 Dec 2003 04:14:21 +0000


Jeffrey W. Baker wrote:


In my recent experience, certain institutions are turning out graduates
in computer science whose understanding of the actual computer is quite
limited.  These people know how to program in high-level languages, Java
or Pascal for example, and they can use an operating system, but they
wouldn't know what to do with an 8-bit shift register.

In the present world, I don't think you can write a secure program
unless you recognize the term "smashing the stack" and you know how to
do it.

As someone who knows a fair bit about stack smashing :) I specifically 
disagree with that. I believe that it is possible for a developer who 
*sticks to* type safe languages such as Java or ML, and who follows the 
security principles of my previous post (not trusting other components 
or input data to be well-behaved) to develop very secure applications.


Of course this is full of dangerous caveats:

   * It applies *only* to type safe languages, notably *not* including
     C, C++, PERL, PHP, or Python.
   * The developer still has to understand other kinds of security
     issues, including validating inputs, and race conditions.
   * It only works at the application layer; network and operating
     system development require the developer to get their hands dirty.



You'll never write a secure program if you can't understand what
might happen if your cushy JVM security protections break down.

Your cushy JVM security protection (type safety) should not be breaking 
down, and when it does, it is not the Java programmer's fault. Even if 
the Java programmer knew all about stack smashing, sie is still entirely 
at the tender mercies of the JVM if someone finds a way to violate type 
safety.



It's
not possible to avoid shell code injection when you don't know what
shell code is or why that might be bad.

I'm sorry, but that's wrong. It is entirely possible to avoid shell code 
injection in type safe languages.


Crispin

--
Crispin Cowan, Ph.D.  http://immunix.com/~crispin/
CTO, Immunix          http://immunix.com
Immunix 7.3           http://www.immunix.com/shop/
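An added illustration of the two points in the reply above (a type-safe language contains an out-of-bounds write, yet the developer must still validate inputs before they reach an OS command). This is example code written for this archive page, not code from Crispin Cowan's post; the class, the file-name policy and the `/usr/bin/stat` command are assumptions.

```java
import java.util.List;
import java.util.regex.Pattern;

// Added example, not part of the original post. Hypothetical helper class
// showing, in Java (a type-safe language):
//  1. an out-of-bounds write is an exception, not memory corruption;
//  2. type safety says nothing about whether untrusted input is validated
//     before it reaches an OS command, so validate anyway.
public final class TypeSafeButValidate {

    // Assumed policy: only plain file names are acceptable as an argument.
    private static final Pattern SAFE_NAME = Pattern.compile("[A-Za-z0-9._-]{1,64}");

    // 1. Type safety: the JVM bounds-checks every array access. Writing past
    //    the end raises ArrayIndexOutOfBoundsException; it cannot overwrite a
    //    return address or anything else outside the array.
    public static boolean overflowIsContained(int writes) {
        byte[] buf = new byte[16];
        try {
            for (int i = 0; i < writes; i++) {
                buf[i] = (byte) 0x41;   // the classic overflow filler byte
            }
            return false;               // everything fit; no overflow attempted
        } catch (ArrayIndexOutOfBoundsException e) {
            return true;                // contained: an exception, not corruption
        }
    }

    // 2. Input validation: reject anything that is not a plain file name before
    //    it becomes a command argument. This is the part type safety does not
    //    do for you.
    public static String requireSafeName(String untrusted) {
        if (untrusted == null || !SAFE_NAME.matcher(untrusted).matches()) {
            throw new IllegalArgumentException("rejected unsafe argument");
        }
        return untrusted;
    }

    // Build the command as a list of separate arguments, never as one shell
    // string, so no shell ever parses the untrusted value. The command path is
    // hypothetical.
    public static List<String> buildCommand(String untrusted) {
        return List.of("/usr/bin/stat", requireSafeName(untrusted));
    }

    public static void main(String[] args) {
        System.out.println("overflow contained: " + overflowIsContained(32));
        System.out.println("accepted: " + buildCommand("report.txt"));
        try {
            buildCommand("report.txt; id");   // constructed hostile input
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The list returned by `buildCommand` is what one would hand to `ProcessBuilder`; the point of keeping arguments separate is that the validated value is passed to the program directly rather than through a shell that could reinterpret it.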