Also, a few random thoughts on parsers, bugs, and security... I'm afraid this is based on 15+ year old information, but here goes:
Perl had a taint system built in until Perl 4 at least. We need a system like a type system for plangs but for source, category, and sink access control, so my web parameters don't get sent to system(3) by mistake. I think I wrote about this a while back, and if not, I can dig up the email where I did (to another list).

Back in 1994, when one of my classes wrote a parser for C, the students who used Pascal never finished, and the C programmers did. A lesson in strong typing perhaps? However, yacc was never as useful or bug-free to me as perl-byacc, because Perl natively handled strings so well, so all those pointers to tokens and their associated overflows just went away.

Shotgun parsers are dangerous because you can't audit the code which handles untrusted input easily. But even with parser generators like byacc, you can still shoot yourself in the foot quite well. What is fascinating to me is the usefulness of strings and a few other first class objects in handling parse trees - which boils down to a "safer language" kind of approach (see previous email).

And on a security & programming language (but not strictly langsec) related note, two people I know examined multiple languages in great detail and found that they preferred the same language.

http://mitpress.mit.edu/books/design-concepts-programming-languages

A masterpiece, 1000+ pages.... His favorite language is this... OCaml:

http://cs.wellesley.edu/~cs251/spring08/ocaml.pdf
http://cs.wellesley.edu/~cs251/spring08/ocaml-exercises.pdf

The friend I knew who did a programming language shootout of many languages on many problems came to the same conclusion. He said, "it has no runtime overhead, it compiles down, it's within 2x of the speed of C, you get static typing for nearly free via type inference, and best of all, the longer I work on my program, the shorter it gets".

If you've audited C code before, you'll know that good code is often much more verbose than bad code, because you have to handle errors. With modern languages, you have exceptions to handle. So security involves a principle of parsimony that interacts with the language in subtle ways.

--
http://www.subspacefield.org/~travis/
Split a packed field and I am there; parse a line of text and you will find me.
_______________________________________________
langsec-discuss mailing list
langsec-discuss@mail.langsec.org
https://mail.langsec.org/cgi-bin/mailman/listinfo/langsec-discuss
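A sketch of the source / category / sink labelling idea raised in the message above, as an added example that is not part of the original post and is not Perl's taint mode. The names `Labeled`, `from_web`, `validate_hostname` and `shell_sink`, and the two sink categories, are assumptions made for illustration; the check runs at run time here, where a type system would reject the same flow at compile time.

```python
import re

SINKS = frozenset({"shell", "html"})  # sink categories (constructed for this example)

class PolicyError(Exception):
    """A value reached a sink that its label does not allow."""

class Labeled:
    """A string carrying its source and the sinks it is cleared for."""
    def __init__(self, text, source, sinks):
        self.text, self.source, self.sinks = text, source, frozenset(sinks)

def literal(text):
    # Program-supplied constants are cleared for every sink.
    return Labeled(text, "program", SINKS)

def from_web(text):
    # Web parameters start out cleared for no sink at all.
    return Labeled(text, "web", ())

def concat(*parts):
    # The result is cleared only for sinks every part is cleared for.
    sinks = SINKS
    for p in parts:
        sinks = sinks & p.sinks
    source = "web" if any(p.source == "web" for p in parts) else "program"
    return Labeled("".join(p.text for p in parts), source, sinks)

HOSTNAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9.-]{0,252}")

def validate_hostname(value):
    # The only way to clear web data for the shell: a full-match recognizer.
    if not HOSTNAME.fullmatch(value.text):
        raise ValueError("not a hostname: %r" % value.text)
    return Labeled(value.text, value.source, {"shell"})

def shell_sink(command):
    # Stand-in for system(3): returns the command line instead of running it.
    if "shell" not in command.sinks:
        raise PolicyError("%s data is not cleared for the shell sink" % command.source)
    return command.text
```
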