Re: OT: UK okays warrantless remote hacking of PCs

On Wed, 7 Jan 2009 09:51:06 -0800, "Joel Koltner"
<zapwireDASHgroups@xxxxxxxxx> wrote:

"Sylvia Else" <sylvia@xxxxxxxxxxxxxxxxxxx> wrote in message
news:49640da8$0$7111$afc38c87@xxxxxxxxxxxxxxxxxxxxxxx
It doesn't help that software tends to be written in C and C++, which are
not safe languages - that is, programming mistakes can cause more than just
program failure, but allow corruption of data structures and the execution
of data

This is a somewhat misguided notion in that *not* using C/C++ just displaces
the problem: Instead of looking for exploits of an application directly, you
sit around looking for exploits of the virtual machines or system library or
"whatever it is" that's executer your "safer language." In general, it's not
at all a proven statement that exploiting *that* environment is any more
difficult than exploiting an application directly -- particular since "safe
language execution environments" tend to be updated more slowly than
applications themselves, so any exploits that are found tend to remain
effective for longer periods of time. (And think about something like the
ever-popular SQL insertion exploit -- doesn't mattter what language you wrote
your code in, if someone manages to get you to directly execute their string
on your database, they can still do whatever they want, limited only by the
permissions of the account you're using.)

I would agree that C/C++ typically it *easier* for novice/inexperienced
programmers to write exploitable code, I suppose, but the "solution" of "just
don't use them" is essentially the same as saying, "sports cars are dangerous,
therefore no one should be allowed to use them" rather than "sports cars are
dangerous, they're probably not the best first car for your 16-year-old."

---Joel

Or, designing with discrete components is dangerous, there are so many
ways to make a marginal circuit...


.

Relevant Pages

  • Re: why learn C?
    ... programming beginner. ... Any language that allows subroutines is procedural based. ... you can learn about algorithms and data structures ...
    (comp.lang.c)
  • Re: shell..an interpreter but whats an interpreter (help me clear these doubts please)
    ... today more than 99% of programming electronic processors and to interface ... When a C code is compiled it is translated to machine's language. ... An interpreter takes from a source code file individual statements which are then temporarily converted to machine code and executed and then discarded thus each statement in an interpreted source must be a 'standalone' operation. ... If you created a similar compiled executable to simply set a variable x with value 5 and ran that, on completion of the execution, x will have been created, set to 5 and then discarded at the end of the execution and is no longer available upon returning control to the shell. ...
    (comp.unix.shell)
  • Re: Factor
    ... emphasis on idiomatic programming is the greatest challenge. ... it sure is nice when a language gives you a rich and ... flexible set of data structures and algorithms that are designed so ... There is no reason to believe that my implementation of lists is ...
    (comp.lang.forth)
  • Re: OT: UK okays warrantless remote hacking of PCs
    ... not safe languages - that is, programming mistakes can cause more than just ... but allow corruption of data structures and the execution ... ever-popular SQL insertion exploit -- doesn't mattter what language you wrote ...
    (sci.electronics.design)
  • Re: Function and syntax for language support for parallel computing.
    ... syntactically by supporting language? ... covers the multiple processors. ... encapsulate a program block whose execution is initialed ... The interesting thing is a programming block has a single ...
    (comp.parallel)