At 2:51 PM -0400 7/12/04, Jeff Williams wrote:

>Does anyone have pointers to articles on designing API's so that they are
>easy to use securely?

The environment with which I am most familiar is VMS, and tradition
is what guides secure interfaces.  Inner mode code _must_ probe any
arguments provided from an outer mode, probe the buffers specified
by descriptors provided, etc.

The "easy to use securely" falls out of the general interface methods.
All programming languages on the platform have methods for descriptor
creation, so passing strings of specified length between languages is
not a problem...

...if it is done correctly.  A few releases ago one of the senior
developers at HP approved a call to the operating system that used
C-style strings.  He was shouted down by the user community in a
_very_ loud Usenet discussion and promised that the next release
would provide a standard language-independent method of accessing
the same data.  That was for a mode-of-caller service -- arguably
not really a security problem.

So in addition to safe APIs, it also helps to have critical consumers
who will not stand for unsafe APIs.
-- 
Larry Kilgallen
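
An added worked example, not from Larry's post and not VMS source, to make the "inner mode must probe" point concrete in C. It contrasts a service that takes a length-carrying descriptor with one that takes a C-style string. The descriptor layout follows the classic VMS block (16-bit length, 8-bit type, 8-bit class, pointer), but the type/class constants, the status codes, the `user_space` array standing in for the caller's address space, and `probe_read` standing in for the real probe are all assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Completion codes for this example; illustrative, not VMS's SS$_ values. */
enum { STATUS_OK = 1, STATUS_ACCVIO = 2, STATUS_TOOLONG = 3, STATUS_BADDESC = 4 };

/* Fixed-length string descriptor, laid out like the classic VMS block:
 * 16-bit length, 8-bit data type, 8-bit class, pointer to the data.
 * The type/class values below are assumed for the example. */
struct descriptor {
    uint16_t    length;
    uint8_t     dtype;
    uint8_t     dclass;
    const char *pointer;
};
enum { DTYPE_T = 14, CLASS_S = 1 };

/* Stand-in for the outer-mode (caller's) address space: the only memory an
 * inner-mode service may read on the caller's behalf. Constructed for the example. */
static struct {
    struct descriptor desc;
    char data[48];
} user_space;

/* Stand-in for the probe: true only if [p, p+n) lies wholly in outer-mode space. */
static int probe_read(const void *p, size_t n) {
    uintptr_t lo = (uintptr_t)&user_space, hi = lo + sizeof user_space;
    uintptr_t a = (uintptr_t)p;
    return p != NULL && a >= lo && a <= hi && n <= hi - a;
}

#define INNER_BUF 16
static char inner_buf[INNER_BUF + 1];   /* inner-mode destination */
const char *inner_contents(void) { return inner_buf; }

/* Descriptor interface: the length travels with the pointer, so the service
 * probes the descriptor block once, then the data once, and copies exactly
 * what it probed. */
int service_by_descriptor(const struct descriptor *d) {
    if (!probe_read(d, sizeof *d)) return STATUS_ACCVIO;   /* the descriptor is itself an outer-mode argument */
    if (d->dtype != DTYPE_T || d->dclass != CLASS_S) return STATUS_BADDESC;
    if (d->length > INNER_BUF) return STATUS_TOOLONG;
    if (!probe_read(d->pointer, d->length)) return STATUS_ACCVIO;
    memcpy(inner_buf, d->pointer, d->length);
    inner_buf[d->length] = '\0';
    return STATUS_OK;
}

/* C-string interface: nothing says how long the string is, so the service
 * must probe one byte at a time looking for the terminator, and must cope
 * with a caller whose accessible memory ends before any NUL appears.
 * A naive strlen()/strcpy() here would read past the caller's space. */
int service_by_cstring(const char *s) {
    size_t n = 0;
    if (s == NULL) return STATUS_ACCVIO;
    for (;;) {
        if (!probe_read(s + n, 1)) return STATUS_ACCVIO;  /* out of accessible bytes, no NUL seen */
        if (s[n] == '\0') break;
        if (++n > INNER_BUF) return STATUS_TOOLONG;
    }
    memcpy(inner_buf, s, n);
    inner_buf[n] = '\0';
    return STATUS_OK;
}

/* Constructed input: act as an outer-mode caller that places n bytes at
 * data+off and builds a descriptor for them. */
void user_set_string(size_t off, const char *bytes, size_t n) {
    memset(&user_space, 0, sizeof user_space);
    if (off + n > sizeof user_space.data) return;
    memcpy(user_space.data + off, bytes, n);
    user_space.desc.length  = (uint16_t)n;
    user_space.desc.dtype   = DTYPE_T;
    user_space.desc.dclass  = CLASS_S;
    user_space.desc.pointer = user_space.data + off;
}

int main(void) {
    user_set_string(0, "hello", 5);
    printf("descriptor, good:       %d (%s)\n", service_by_descriptor(&user_space.desc), inner_contents());
    user_space.desc.length = 40;                   /* caller lies about the length */
    printf("descriptor, too long:   %d\n", service_by_descriptor(&user_space.desc));
    user_set_string(40, "ABCDEFGH", 8);            /* no NUL before the caller's space ends */
    printf("cstring, no terminator: %d\n", service_by_cstring(user_space.data + 40));
    return 0;
}
```

The descriptor path does a fixed amount of checking regardless of the string, and a caller who lies about the length is caught before any copy. The C-string path has to touch every byte before it knows what it was asked to copy, and the unterminated case is only safe because the service probes each byte instead of trusting the caller to have supplied a NUL.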
