lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1067432291.716.13.camel@hellfire>
From: pz at psychozapp.de (Sebastian Herbst)
Subject: Coding securely, was Linux (in)security


> Duh. That's a complete misunderstanding of the halting problem - which
> is, in essence, that you can't write a program which can predict, in
> general, whether another program will halt. Its perfectly possible to
> write programs that are guaranteed to halt.

The statement was: "There is no programming language that prevents you
from writing insecure code". And that is true, as long as "insecure
code" means vulnerability to DoS. IMHO that would be "incorrect" not
"insecure" code, since an attacker is not able to get sensible data, or
additional rights("shutting down" the service is public right because of
incorrect code). Btw (almost) every programming language gives the
versatile programmer the possibility to write proof-able correct and
secure programs. 

-- 
/~\ The ASCII                         Sebastian Herbst
\ / Ribbon Campaign                   pz@...chozapp.de  
 X  Against HTML
/ \ Email!           D90E 548A F4F9 5C1E 67E5  06A7 C426 3827 1568 206D
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20031029/9b51ebc0/attachment.bin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ