At 2:51 PM -0400 7/12/04, Jeff Williams wrote:

>Does anyone have pointers to articles on designing APIs so that they are
>easy to use securely?

The environment with which I am most familiar is VMS, and tradition is what guides secure interfaces. Inner mode code _must_ probe any arguments provided from an outer mode, probe the buffers specified by descriptors provided, etc. The "easy to use securely" falls out of the general interface methods. All programming languages on the platform have methods for descriptor creation, so passing strings of specified length between languages is not a problem...

...if it is done correctly. A few releases ago one of the senior developers at HP approved a call to the operating system that used C-style strings. He was shouted down by the user community in a _very_ loud Usenet discussion and promised that the next release would provide a standard language-independent method of accessing the same data. That was for a mode-of-caller service -- arguably not really a security problem.

So in addition to safe APIs, it also helps to have critical consumers who will not stand for unsafe APIs.

-- Larry Kilgallen
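The descriptor-versus-C-string point above, as an added C illustration (not Larry's code and not VMS's own interface): a toy inner-mode service that probes the buffer a descriptor names before copying it, next to a C-string version that has to probe byte by byte because the bounds are not known up front. The descriptor layout, the outer_space region and all function names are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Simplified string descriptor in the VMS spirit: the length travels with the
 * pointer, so the callee knows the bounds before it touches the buffer.
 * The field names are an assumption, not the real VMS descriptor layout. */
struct descriptor {
    uint16_t length;
    const char *pointer;
};

/* Constructed stand-in for the caller's (outer-mode) address space; an
 * inner-mode service may read only what lies entirely inside it. */
char outer_space[64];
char inner_buf[32];   /* inner-mode destination used by the checks */

/* Fill the outer region with junk (no terminator), then place text in it. */
const char *load_outer(const char *text, size_t n) {
    memset(outer_space, 'A', sizeof outer_space);
    memcpy(outer_space, text, n);
    return outer_space;
}

/* The "probe": is [p, p+len) entirely within the outer-mode region? */
int probe_read(const void *p, size_t len) {
    uintptr_t a = (uintptr_t)p, s = (uintptr_t)outer_space;
    uintptr_t e = s + sizeof outer_space;
    return a >= s && a < e && len <= e - a;
}

/* Descriptor service: one probe of the described buffer, then the copy.
 * Returns bytes copied, or -1 if the probe or the destination bound fails.
 * (The descriptor itself is assumed already fetched into inner memory.) */
int sys_copy_string(char *dst, size_t dstlen, const struct descriptor *d) {
    if (!probe_read(d->pointer, d->length) || d->length >= dstlen) return -1;
    memcpy(dst, d->pointer, d->length);
    dst[d->length] = '\0';
    return (int)d->length;
}

/* C-string service: the length is unknown until the NUL is found, so each
 * byte must be probed before it is read, and a string with no terminator
 * inside the probed region is rejected instead of being read past it. */
int sys_copy_cstring(char *dst, size_t dstlen, const char *src) {
    size_t n = 0;
    for (;;) {
        if (!probe_read(src + n, 1) || n + 1 >= dstlen) return -1;
        dst[n] = src[n];
        if (src[n] == '\0') return (int)n;
        n++;
    }
}
```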