Re: OT: Re: Secure popen

From: Ryan Russell (ryanat_private)
Date: Fri Jun 29 2001 - 12:32:40 PDT


On Thu, 28 Jun 2001, Crispin Cowan wrote:

> It is a given that it is possible to write secure, readable code in
> ANY programming language.  In discussing the security merits of a
> programming language, we are not talking about the possible great
> heights of achievement in that language, we are talking about the
> depths of horrible coding practice that are possible (or common) in
> that language, and the difficulty of a source code auditor in finding
> such bad practice.  Perl is VERY bad in that regard.

To pick a nit, I think this is the functionality vs. security argument
again.  I've heard the term "Turing complete" used to indicate languages
that you can essentially implement any algorithm in.  It is possible to
make a Turing complete language whose function calls handle user input so
sloppily that it would be essentially impossible to write a secure program
in it.  Imagine for example a language whose string functions ALL had the
potential to overflow, based on contents, even when you first grab the
string, before you get to filter it.  Stupid, but possible.

Not that I'm trying to imply that Perl or C are in this category, but
rather that (unfortunately for us perhaps) there is a difference in
languages in terms of secure programming.

As a strawman, I would use Java as an example of a language which has
fewer potential security problems, by most conventional measures.  It's
not idiot-proof, for really determined idiots.

					Ryan


