[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <002001c39d0e$3c238690$6101a8c0@fosi>
From: steve.wray at paradise.net.nz (Steve Wray)
Subject: Coding securely, was Linux (in)security
Sure they could possibly find other ways to write insecure code,
but the issue is not whether its possible; of course its possible.
The issue is the relative difficulty of writing insecure code.
In C, to write secure code, one might have to re-implement a huge array
of data types and so forth.
(as was mentioned in the previous post;
"You then need to invent your own data types as you just did with your
subroutine, which still risks a buffer overflow because strlen itself
still
looks for the null byte at end of string and so can overflow
its internal counters.")
Is it beyond all possibility that there exist languages in which
the very reverse is true? ie Languages in which one would have to
reimplement data types and so forth in order to be able to write
insecure code?
Can there exist such a language?? I reckon so.
[huge snip losing all attributions and context]
> So which makes more sense to you? To convert the world's
> programmers to a new language? Or to teach them to code securely?
Surely, if
> we were to replace C today, they would just find other ways to write
> insecure code?
[snipped out all the rest]
Powered by blists - more mailing lists