Steve is not asking that a language be less than Turing-complete, only that insecure operations are difficult and that one would need to work hard to write insecure code. One could still implement anything if needed, but it would need to be explicit. This can be achieved in many ways by languages that do bounds checking on strings and arrays and do not allow pointers to arbitrary data but force all pointers to use descriptors (the VAX calling convention had all argument lists as descriptors, forcing type safety on function calls as much as possible in hardware). Some of these techniques are what the secure Linuxes use to prevent manipulation of calling stacks. Unfortunately, considerations other than security seem to dominate the tradeoffs. Having hardware checks of array bounds adds some overhead to array addressing, for example, so most programmers schooled in the efficiency-is-first discipline rebel at such architectures.
----- Original Message -----
From: <[EMAIL PROTECTED]>
To: "Steve Wray" <[EMAIL PROTECTED]>
Cc: "'Paul Schmehl'" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Tuesday, October 28, 2003 2:46 PM
Subject: Re: [Full-Disclosure] Coding securely, was Linux (in)security

On Tue, 28 Oct 2003 17:44:55 +1300, Steve Wray <[EMAIL PROTECTED]> said:

> Is it beyond all possibility that there exist languages in which
> the very reverse is true? ie Languages in which one would have to
> reimplement data types and so forth in order to be able to write
> insecure code?
>
> Can there exist such a language?? I reckon so.

No. All programming languages that are Turing-complete (basically, anything that has a conditional loop) are prone to the Turing Halting Problem. In other words, you can't prevent DoS-via-infinite-loop based on input.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
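As an added illustration of the descriptor idea raised in the reply above (example code written for this page, not from either poster or from any VAX or Linux implementation), the following C sketch shows a buffer that can only be reached through a bounds-carrying descriptor: checked access is the default, and the only unchecked path is an explicitly named function, so writing the insecure version takes deliberate effort. All names and the sample buffer sizes are constructed for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Descriptor: the pointer is never used without its bounds. */
typedef struct {
    char  *base;  /* start of the caller-owned buffer */
    size_t len;   /* bytes currently in use (len <= cap always holds) */
    size_t cap;   /* bytes the buffer can hold */
} desc_t;

/* Wrap a caller-owned buffer; the raw pointer is not handed back. */
static desc_t desc_wrap(char *buf, size_t cap) {
    desc_t d = { buf, 0, cap };
    return d;
}

/* Checked read: returns false instead of reading past the used region. */
static bool desc_get(const desc_t *d, size_t i, char *out) {
    if (i >= d->len) return false;
    *out = d->base[i];
    return true;
}

/* Checked append: refuses the whole write rather than truncating silently,
   so an over-long input becomes an error return, not an overflow. */
static bool desc_append(desc_t *d, const char *src, size_t n) {
    if (n > d->cap - d->len) return false;  /* no underflow: len <= cap */
    memcpy(d->base + d->len, src, n);
    d->len += n;
    return true;
}

/* The escape hatch: the only way to obtain an unchecked pointer is to ask
   for it by name, which makes every unchecked use easy to find in review. */
static char *desc_unsafe_raw(desc_t *d) { return d->base; }

/* Demo on a constructed 8-byte buffer: a 5-byte append fits, a 12-byte
   append is rejected and leaves the descriptor unchanged. */
static bool demo_rejects_overflow(void) {
    char buf[8];
    desc_t d = desc_wrap(buf, sizeof buf);
    bool first  = desc_append(&d, "hello", 5);          /* true  */
    bool second = desc_append(&d, "overflow!!!!", 12);  /* false */
    (void)desc_unsafe_raw;  /* present only to show the explicit path */
    return first && !second && d.len == 5;
}
```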
