grauzone wrote:
Conclusion: the compiler doesn't need to be safe. Actually, using a sandbox approach is probably more secure than trying to fix all compiler security issues.
I've been reading a bunch of articles on making secure software lately. The consensus is that relying on one aspect to make software secure leaves one vulnerable. The more reliable way is to have layered security - so that if an attacker gets past one layer, he's got another layer he must get past.
Compiler security issues should be addressed, *and* the compiler should be run in a sandbox.
I'm also thinking of adjusting the code generation to reduce the ability to take advantage of buffer overflows, even though you shouldn't have buffer overflows in D.
