RE: Writing Secure code

From: Jeremy Epstein (jepsteinat_private)
Date: Fri Dec 27 2002 - 09:46:05 PST

Next message: John Viega: "Re: Writing Secure code"

Previous message: Rahul Chander Kashyap: "Writing Secure code"
In reply to: Rahul Chander Kashyap: "Writing Secure code"
Next in thread: Valdis.Kletnieksat_private: "Re: Writing Secure code"
Next in thread: John Viega: "Re: Writing Secure code"
Reply: Valdis.Kletnieksat_private: "Re: Writing Secure code"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> And one more thing...<this one might be interesting ;-)>  Is it possible
> to write code that is completely secure and not exploitable?

Yes.

main() { exit(0); }

is completely secure and not exploitable.  Beyond that, you're on your own
:-)

I think what you really mean is "is it possible to write code THAT DOES
SOMETHING USEFUL that is completely secure and not exploitable".  In
general, the answer is "no".  Any program of even moderate complexity, by
today's standards, includes so much baggage that it's impossible to say with
absolute certainty that it's secure.  Even if there's no vulnerabilities in
your code, the stuff you drag in (e.g., DLLs) is highly likely to have
problems.

--Jeremy

Next message: John Viega: "Re: Writing Secure code"
Previous message: Rahul Chander Kashyap: "Writing Secure code"
In reply to: Rahul Chander Kashyap: "Writing Secure code"
Next in thread: Valdis.Kletnieksat_private: "Re: Writing Secure code"
Next in thread: John Viega: "Re: Writing Secure code"
Reply: Valdis.Kletnieksat_private: "Re: Writing Secure code"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Dec 27 2002 - 15:47:53 PST