security benefits to microkernel designs, it's true, but
there are also security benefits to monolithic designs, and which
outweighs the other is a decision each system's architect must make -
it certainly isn't a slam-dunk either way, to me.
/~\ The ASCII der Mouse
\ / Ribbon Campaign
 X  Against HTML [EMAIL PROTECTED]
/ \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B

traffic,
This is not so much a difference between DECnet and IP as a difference
between VMS and Unix.
a lot of overlap.
not exclusively (I know I'm a better programmer for knowing
many languages). Perhaps not even predominantly. But as theoretically
ugly as it may be, it is still pragmatically critical.
level, because the language is higher level,
but they will occur if the thing being built is nontrivial.)
/SIGBUS rather than returning EFAULT).
should not have a separate entry from Java (and
probably VBScript vs Visual Basic too). I also think ADA should be
spelled Ada - you seem to be _trying_ to capitalize correctly
us hard data about what their effect is, rather than the
speculation (however well-informed) that's all we have to go on now -
and it quite likely would have the pleasant side effect of pushing most
open source projects out into the free (or at least freer) world.
in the initial design, but reused in another way that nobody
knew even existed at first writing, it could cause a crash (and
associated DoS) or worse.
that anyone who thinks otherwise should
not be coding or specifying for anything that has a significant cost
for a security failure. (Which is not to say that they aren't!)
only proven this program correct, not tested it.
the
practical application of proof-based technology in a suitably
constrained environment.
Entirely true. But if you use theoretical language like proof, you
have to expect to be held to a theoretical standard of correctness.
it's not, too. And if I want examples of bad code I hardly
have to go to Microsoft to find them.
with that, which actually means just that you've picked the
wrong TCP stack for your environment, not that there's anything wrong
with the stack for its design environment.
no, a browser written in java would not have buffer overflow/stack
issues. the jvm is specifically designed to prevent it ...
And of course, we all know all JVM implementations are perfect.
Der Mouse is barking up the right rathole.
:-) That's a lovely mangled metaphor. And, thanks for the kind words;
I'm glad to see I'm not totally out to lunch. (I haven't been at this
for as long as you have - you write from 1965 to 1969, during which
time I was at most five years old
stacks would have
exactly this kind of buffer overrun protection.
Hmm, I wonder if there's something useful lurking there.
, *and* they
get it evaluated up to EAL7.
Strictly speaking, you don't need to have it evaluated for it to be
high security. Evaluation does not give the security; it gives
confidence in the security (or lack thereof, if it flunks).
Okay, okay, /nitpick
will garner
your OS widespread rejection (even if it does gain a sliver of
acceptance from those who (a) understand the security principles
involved and (b) want to run a shop that tight).
, in fact. But you can't make it impossible.
Secure Coding mailing list (SC-L)
SC-L@securecoding.org
List information, subscriptions, etc - http
to the bugs present in *that*
program (the spec) and the bugs present in the compiler (the formal
verifier).
Formal methods are a useful tool, and have a place. But they are not a
magic bullet.
version. It might be of type k or it might be
of some other type (possibly a type that can exist in language A,
possibly not). And in any case, you have not found it; you have only
demonstrated its existence.
or
sideways in the code parse tree (versus structured constructs, which
do such branches upward only). Exceptions are upward-only branches,
and as a result don't have most of the problems gotos do.
to be aware of the throw-through-them
potential, and none where I would say it was painful. Perhaps that's
just an artifact of how I design my code
'
capabilities per se.
keys out of swap
space. (Looking through swap space is a relatively well-known forensic
technique for finding things like crypto keys or passwords.)
, for hash functions in general. A *good* hash function will
of course have this property for all hash values. I don't know whether
SHA-1 is good in this respect, though I would expect it is.)
Okay, nitpicky-mathematician mode off :-)
wherein software isn't
security Swiss cheese. :-)
into hardening the network
interface before the config-file interface.)
actually
using such environments (languages, whatever), then it's an
improvement for the industry, even if it's no theoretical advance.
Like it or not, the Web doesn't work right without Javascript now.
Depends on what you mean by the Web and work right. Fortunately,
for at least some people's values of those, this is not true.
better?
of what they should.) Who gets hit with tax when a bug is
found in, say, the Linux kernel? Why?
both ways wrt imposing it on the developers. Often enough,
the bugs are not bugs, but rather an end user misapplying software.
I've often enough written software that was perfectly fine in its
intended application but, if misapplied, could be a risk.
.
It accurately conforms to what the programmer coded, just not to what
the programmer intended to code. The problem affects only code that
depends on certain pointer computations whose behaviour has never been
promised by C.
37 matches