Hi,

On Mon, 21 Apr 2014, Ronald F. Guilmette wrote:

In message <[email protected]>,
"hcoin" <[email protected]> wrote:

... It is for the community to decide whether it is 'worth it'
on a case by case basis given there is no way to prove a program
'correct' from a security perspective.

I guess that I was sick that day in software school.

Did I just hear you tell me that I can't prove the following program
is "secure"?


int
main (void)
{
 return 0;
}

In an ideal world you probably could.  The difficulty is that even the
above seemingly trivial snippet of code is run after initialization of
the C runtime library and some preprocessing of argc, argv.

It gets more complex with C++ constructors run before main.

It gets even more complex the more software components interact in
weird and wonderful ways.

Greetings
Christian

--
Christian Kratzer                   CK Software GmbH
Email:   [email protected]               Wildberger Weg 24/2
Phone:   +49 7032 893 997 - 0       D-71126 Gaeufelden
Fax:     +49 7032 893 997 - 9       HRB 245288, Amtsgericht Stuttgart
Mobile:  +49 171 1947 843           Geschaeftsfuehrer: Christian Kratzer
Web:     http://www.cksoft.de/
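
The point about C++ constructors running before main, as an added example that is not part of the original message. The `Component` type and the names `logger` and `plugin` are hypothetical; the program records which code executed before the body of `main` was reached.

```cpp
#include <cstddef>
#include <string>
#include <vector>

// Set only once the body of main() is reached. It is constant-initialized,
// so it is already false when the dynamic initializers below run.
static bool g_main_entered = false;

// Function-local static: safe to use from other objects' constructors.
std::vector<std::string>& startup_log() {
    static std::vector<std::string> log;
    return log;
}

// Hypothetical component that registers itself through a global object.
struct Component {
    explicit Component(const std::string& name) {
        startup_log().push_back(
            name + (g_main_entered ? ":after-main" : ":before-main"));
    }
};

// Dynamic initialization: both constructors run before main(), in
// definition order within this translation unit.
static Component g_logger("logger");
static Component g_plugin("plugin");

// Number of log entries produced by code that ran before main's body.
std::size_t code_run_before_main() {
    const std::string tag = ":before-main";
    std::size_t n = 0;
    for (const std::string& e : startup_log()) {
        if (e.size() >= tag.size() &&
            e.compare(e.size() - tag.size(), tag.size(), tag) == 0) {
            ++n;
        }
    }
    return n;
}

// The body under review is nearly as trivial as the one quoted above,
// yet it is not the first code of this program to execute.
int main() {
    g_main_entered = true;
    return 0;
}
```

Any argument about what `main` does has to cover these initializers as well, along with the runtime startup code that calls them.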