Gary E. Miller via devel <devel@ntpsec.org>:
> Buffer overruns are just one way a program might make unexpected system
> calls.  Even if you can guarantee that a Go program could never be
> maliciously corrupted externally, you can never guarantee that the
> Go program can not be trojaned.

Everything is cost gradients.

Yes, a Go program could be Trojaned, but (a) that is far less likely
than a buffer overrun is in C, and (b) there are reasonably efficient
auditing methods to detect Trojanning, good enough that even static
analyzers like Coverity and LGTM can usually catch them by looking
for shellouts.  Syscall blocking is not really the best-fit tool for
defense against this kind of attack.

Daniel knows more about this sort of thing than I do and might correct
me, but it's my impression that syscall blocking is *specifically* a
best-fit defence against object-code weird machines produced by
buffer-overrun and stack-corruption attacks, and its utility drops off
sharply for other kinds of attacks that are better foiled in different
ways.
-- 
                <a href="http://www.catb.org/~esr/">Eric S. Raymond</a>
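
Added example, not part of the original message and not NTPsec code: a minimal sketch of the "look for shellouts" audit mentioned above, using Go's standard go/parser and go/ast packages to report imports of process-spawning or raw-syscall packages and every use made through them, including renamed imports. The `sensitive` list, the `FindShellouts` name and the sample program are assumptions made for this illustration.

```go
package main

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
	"strconv"
)

// Import path -> default package name; an assumed list for this example.
var sensitive = map[string]string{"os/exec": "exec", "syscall": "syscall", "golang.org/x/sys/unix": "unix"}

// Constructed sample input: a program reaching os/exec through a renamed import.
const sample = "package main\nimport run \"os/exec\"\n" +
	"func main() { run.Command(\"/bin/true\").Run() }\n"

// FindShellouts reports each sensitive import in src and each selector used through it.
func FindShellouts(filename, src string) (out []string, err error) {
	fset := token.NewFileSet()
	f, err := parser.ParseFile(fset, filename, src, 0)
	if err != nil {
		return nil, err
	}
	local := map[string]string{} // name used in this file -> import path
	for _, imp := range f.Imports {
		p, _ := strconv.Unquote(imp.Path.Value)
		if name, ok := sensitive[p]; ok {
			if imp.Name != nil { // renamed import, e.g. run "os/exec"
				name = imp.Name.Name
			}
			local[name] = p
			out = append(out, fmt.Sprintf("%s: imports %s", fset.Position(imp.Pos()), p))
		}
	}
	ast.Inspect(f, func(n ast.Node) bool {
		if sel, ok := n.(*ast.SelectorExpr); ok {
			if id, ok := sel.X.(*ast.Ident); ok && local[id.Name] != "" {
				out = append(out, fmt.Sprintf("%s: uses %s.%s", fset.Position(sel.Pos()), local[id.Name], sel.Sel.Name))
			}
		}
		return true
	})
	return out, nil
}

func main() {
	fmt.Println(FindShellouts("sample.go", sample))
}
```

The match is purely syntactic: a local variable that shadows the package name would be reported too, and dot imports are flagged at the import line only.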

