Secure Coding mailing list archives
Re: Interesting article on the adoption of Software Security
From: der Mouse <mouse () Rodents Montreal QC CA>
Date: Fri, 11 Jun 2004 19:11:07 +0100
For those of us who write kernel mode / ring0 code, what language are you suggesting we write in? Name a good typesafe language that you have PRACTICALLY seen to write kernel mode code in.
Lisp. I used Lisp Machines back when I worked in academia, and almost everything was in Lisp, including most of what would in a more conventional OS be called the kernel. Of course, the Lisp dialect they used was not, strictly, typesafe, since it had subprimitives that allowed you to assemble arbitrary lispvals out of nothing. (In fact, I submit that a language that does not have some analog thereof _cannot_ be suitable for writing the lowest-level kernel code, though it may be fine for the more disciplined parts of the kernel. Vide infra.)
Especially on Windows and the Linux platform.
If you're restricting yourself to OS Foo, then you will have a very hard time finding a language suitable for OS hacking except for the language(s) that Foo is written in. For example, you are unlikely to have an easy time of doing Linux kernel code in any language but gcc.
What is the C language downfall is also its best strength.
Yes. It's a little like a Formula 1 racecar: touchy, unforgiving...and a good deal more powerful than your average car. Of course, you don't go shopping for groceries in a F1 racecar; C is not always the right answer. But simply because it does not force code to be typesafe does not automatically make it the wrong answer, either. (For example, I have trouble imagining how you could build the VM subsystem in a language that did enforce type safety.) The problem is not C. The problem is using C when it's not the right language. Note also that "the right language" varies not only with the problem, but with other things too, such as who's going to be writing the code. (As a simple example, C is a right language for more problems for me, who's been using it for going on twenty years now, than it is for someone who got a little of it in half of a course last semsester but really knows Visual BASIC inside and out.) /~\ The ASCII der Mouse \ / Ribbon Campaign X Against HTML [EMAIL PROTECTED] / \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
Current thread:
- Re: Interesting article on the adoption of Software Security, (continued)
- Re: Interesting article on the adoption of Software Security Jeff Williams (Jun 08)
- Re: Interesting article on the adoption of Software Security Florian Weimer (Jun 09)
- Re: Interesting article on the adoption of Software Security Damir Rajnovic (Jun 10)
- Re: Interesting article on the adoption of Software Security Crispin Cowan (Jun 10)
- Re: Interesting article on the adoption of Software Security Dana Epp (Jun 11)
- Re: Interesting article on the adoption of Software Security ljknews (Jun 11)
- RE: Interesting article on the adoption of Software Security Michael S Hines (Jun 11)
- Re: Interesting article on the adoption of Software Security Crispin Cowan (Jun 11)
- RE: Interesting article on the adoption of Software Security ljknews (Jun 11)
- Re: Interesting article on the adoption of Software Security Crispin Cowan (Jun 11)
- Re: Interesting article on the adoption of Software Security Damir Rajnovic (Jun 10)
- Re: Interesting article on the adoption of Software Security der Mouse (Jun 11)