Re: A way to prevent buffer overflow exploits?

conway@cs.mu.OZ.AU (Thomas Charles CONWAY)
16 Aug 1998 22:49:55 -0400

          From comp.compilers

Related articles
[5 earlier articles]
Re: A way to prevent buffer overflow exploits? pizka@informatik.tu-muenchen.de (1998-08-03)
Re: A way to prevent buffer overflow exploits? fjh@cs.mu.OZ.AU (1998-08-04)
Re: A way to prevent buffer overflow exploits? bear@sonic.net (Ray Dillinger) (1998-08-10)
Re: A way to prevent buffer overflow exploits? eodell@pobox.com (1998-08-13)
Re: A way to prevent buffer overflow exploits? khays@sequent.com (1998-08-16)
Re: A way to prevent buffer overflow exploits? shriram@cs.rice.edu (Shriram Krishnamurthi) (1998-08-16)
Re: A way to prevent buffer overflow exploits? conway@cs.mu.OZ.AU (1998-08-16)
Re: A way to prevent buffer overflow exploits? genew@vip.net (1998-08-17)
Re: A way to prevent buffer overflow exploits? conway@cs.mu.OZ.AU (1998-08-17)
Re: A way to prevent buffer overflow exploits? chase@world.std.com (David Chase) (1998-08-19)
Re: A way to prevent buffer overflow exploits? eodell@pobox.com (1998-08-19)
Re: A way to prevent buffer overflow exploits? richard@exaflop.org (Richard Matthias) (1998-08-19)
Re: A way to prevent buffer overflow exploits? joachim.durchholz@munich.netsurf.de (Joachim Durchholz) (1998-08-22)
| List of all articles for this month |

From: conway@cs.mu.OZ.AU (Thomas Charles CONWAY)
Newsgroups: comp.compilers
Date: 16 Aug 1998 22:49:55 -0400
Organization: Computer Science, The University of Melbourne
References: 98-07-242 98-07-246 98-08-014 98-08-029 98-08-081
Keywords: C, practice, comment

eodell@pobox.com (Eric O'Dell) writes:
[that overflowing buffers are the fault of the programmer
not the language]


Well, the same kind of argument can be used to say that assembly is
just as secure as a high level language, since errors such as getting
two registers mixed up (or whatever) is the fault of the programmer,
not the language, yet the vast majority of people agree that high
level languages *are* more secure than assembly.


I guess the bottom line is that if the design of the language can help
me avoid errors in the first place, then this is a good thing. Of
course, in some sense, the more errors it prevents, the less
expressive it is, however we hope that careful language design results
in a language that lets you conveniently express all the
good/useful/interesting programs in some domain, but prevents you from
writing the buggy/insecure/wrong ones, such as all those that contain
possible buffer overruns. :-)


Another example of how language design can avoid a class of errors is
that in Mercury, the compiler checks the `modes' in the program. One
view of this checking is that by doing it the compiler disallows
programs that contain unintitialized variable bugs. In C, this kind of
static proof is impossible.


Thomas
--
Thomas Conway <conway@cs.mu.oz.au>
[Please, let's try not to drift away from compiler topics. We all know
that Fortran programmers can write Fortran programs in any language,
that's not news. -John]
--


Post a followup to this message

Return to the comp.compilers page.
Search the comp.compilers archives again.