[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <3FCB14B8.27738.6BAFEC92@localhost>
From: nick at virus-l.demon.co.uk (Nick FitzGerald)
Subject: automated vulnerability testing
"Jonathan A. Zdziarski" <jonathan@...learelephant.com> wrote:
> Everyone used to say Java was inherently secure, and look what happened
> to it... plagued with vulnerabilities. No language is secure unless you
> make it so restrictive that it isn't capable of doing anything useful.
Methinks you are confusing your Javas...
There is "the Java runtime environment" (which is pretty much
inherently secure by design) and "the Java programming language" (which
is pretty much like any other programming language from the
perspective of the security of standalone applications built with it).
The Java environment's design, of course, has to be implemented to be
useful and guess what programming language many (most?) such
implementations have used?? Yep, C and/or C++. This was directly
exploitable in at least one case where the underlying C/C++ function
processing some data from the Java environment did not do suitable
bounds checks allowing an integer overflow to "break" the underlying
implementation. The security of the Java runtime's design was still
intact but the C programmer trying to implement it got it wrong. I
think most other failures of various Java runtime implementations have
been "simpler" logical errors rather than being due to weaknesses in
the programmer/implementation language interface but this is not an
area I'm closely familiar with.
> Good programming relies on the programmer (as most have said in this
> thread).
Yep, and when the programmers chosen cannot even correctly derive the
logic tables for the many multifaceted decisions so many programmatic
security decisions depend on then, as someone else pointed out recently
in this thread, the language choice issue may be largely irrelevant.
> If you want to harden up your C programs, there are a few stack
> protectors and such out there you can compile/link with that will
> protect your code from typical stack smashing vulnerabilities and such.
> There are also OS hardening tools out there to perform similar
> protection.
Aren't such measures -- especially the former -- simply crutches that
effectively _encourage_ the continuation of poor (even downright
negligent) programming practices? (This does not mean that they cannot
or do not help, especially if you are in the position of being able to
build your own binaries but from source you have not the time/resources
to audit, but advocating their use _by developers_ is, IMHO, a _VERY
BAD THING_.
Regards,
Nick FitzGerald
Powered by blists - more mailing lists