Vulnerability Development mailing list archives

Re: Delphi and buffer overflows


From: "Alice Bryson" <abryson () bytefocus com>
Date: Wed, 12 Apr 2006 17:01:44 +0800

Decompiling a Delphi program is harder than disassembling a VC program for me.
I use DeDe to decompile Delphi, but sometimes the Anti-DeDe function of a
Delphi program makes DeDe not work.
Does anyone have some experience with decompiling Delphi programs?



2006/4/9, André Gil <andregil () di fct unl pt>:
Well, actually stating that something is secure because it is compiled with
Delphi or whatever other compiler is used I think is really dangerous.

What about race conditions? What about stuff like if x < 10 then (and what
will happen if x for some reason is under 0 and that was never thought of
while developing and reviewing?).

What about not using least privilege?

Well I guess you get the point. Stating something like that is just weird
and dangerous.

André

----- Original Message -----
From: "Gadi Evron" <ge () linuxbox org>
To: <Valdis.Kletnieks () vt edu>
Cc: <Majid2k () SourceForge net>; <vuln-dev () securityfocus com>
Sent: Wednesday, April 05, 2006 2:52 AM
Subject: Re: Delphi and buffer overflows


Valdis.Kletnieks () vt edu wrote:
On Sat, 01 Apr 2006 12:46:06 GMT, Majid2k () SourceForge net said:

All Programs compiled in Delphi are secure


Explain. Do tell.  How does a language manage to be Turing-complete and
at the same time provably secure?  (Hint - Turing-complete includes the
possibility of a program infinite looping, so at the very least, there's
the possibility of a loop causing a DoS attack....)

Or did Delphi use some different definition of "secure"?

Valdis, I tend to like Delphi and agree with the guy, but you are 100%
correct.

That is because [especially] in the world of security the following words
should be banned: all, every, never, etc.

I bet that if you put a backdoor into a program written in Delphi it will
no longer be 100% secure, right? That may be a bit of immature nitpicking,
but really..





--
http://www.lwang.org
lwang.org provides online base64 encode and decode, crc32 md5 and sha1
hashing, online ciphers, encryption and decryption. We are engaged in
adding more common use lookup service.
We collect spam for research at abryson () bytefocus com

