A student once asked me a similar question wrt x86, thinking that
LangSec somehow made x86 programs safe.

In reply, I made a distinction between statically disassembling strings
of x86 instructions (i.e., the encoding of the language) and attempting
to recognize what an arbitrary x86 program does. (I think this is the
same observation the OP makes wrt brainfuck.)

Knowing your input is well-formed is but the first (but necessary, and
often missing) critical step in eliminating a pervasive form of security
bugs. This approach isn't a panacea or a replacement for other formal
methods, and it does not guarantee that subsequent arbitrary processing
is correct or free of bugs.

I agree w/ the OP when he says that part of the message boils down to
"Don't write code when you can have it generated for you.", but I think
there is more to the message, such as: be cognizant of what
functionality you give up by choosing smaller, less complex languages.
Personally, I don't have a good feel for what this tradeoff entails in a
practical sense, and I get the sense that's the motivation behind the
original question (correct me if I'm wrong).

-Michael

On 11/12/14, 12:09 PM, Sven Kieske wrote:
> On 11.11.2014 22:31, Taylor Hornby wrote:
>> The fact that HTML5+CSS3 can specify computation that is as
>> powerful as a Turing machine does not mean the language itself is
>> undecidable or even requires a Turing machine to decide.
> 
> In short:
> 
> yes, this does not mean the language itself is undecidable, but
> that's not what langsec is about:
> 
> langsec is about input being undecidable, because the input itself
> can form a language (in this case html5+css3).
> 
> so you can hide programs in data
> 
> I hope I got this right, maybe someone else can explain it better.
> 
> kind regards
> 
> Sven
> _______________________________________________
> langsec-discuss mailing list
> langsec-discuss@mail.langsec.org
> https://mail.langsec.org/cgi-bin/mailman/listinfo/langsec-discuss
> 
> 
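
The distinction drawn in this thread, between recognizing a language's encoding and deciding what a program written in it does, shown for brainfuck. This is an added example, not code from any poster in the thread; the function names and the two sample programs are constructed for illustration.

```python
from collections import defaultdict

ALPHABET = set("+-<>.,[]")  # the eight brainfuck commands

def is_well_formed(src: str) -> bool:
    """Recognizer: decides membership in one pass with a single counter."""
    depth = 0
    for ch in src:
        if ch not in ALPHABET:
            return False
        depth += (ch == "[") - (ch == "]")
        if depth < 0:              # a "]" with no matching "["
            return False
    return depth == 0

def run_bounded(src: str, max_steps: int = 10_000):
    """Run accepted input under a step budget; returns (halted, output).
    halted=False only means the budget ran out, not proof of looping."""
    if not is_well_formed(src):
        raise ValueError("rejected by recognizer")
    stack, jump = [], {}
    for i, ch in enumerate(src):   # pair up brackets
        if ch == "[":
            stack.append(i)
        elif ch == "]":
            j = stack.pop()
            jump[i], jump[j] = j, i
    tape, ptr, pc, out = defaultdict(int), 0, 0, bytearray()
    for _ in range(max_steps):
        if pc >= len(src):
            break
        ch = src[pc]
        if ch in "+-":
            tape[ptr] = (tape[ptr] + (1 if ch == "+" else -1)) % 256
        elif ch in "<>":
            ptr += 1 if ch == ">" else -1
        elif ch == ".":
            out.append(tape[ptr])
        elif ch == ",":
            tape[ptr] = 0          # assumption: no input stream, read as 0
        elif (ch == "[") == (tape[ptr] == 0):
            pc = jump[pc]          # "[" on zero or "]" on non-zero
        pc += 1
    return pc >= len(src), bytes(out)

# Constructed samples: both pass the recognizer, only one halts.
PRINT_A = "++++++++[>++++++++<-]>+."
SPIN = "+[]"
```

Both samples are accepted by `is_well_formed`, yet `run_bounded` finishes `PRINT_A` and exhausts its budget on `SPIN`: acceptance by the recognizer says nothing about what the accepted program does.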