1996-03-25 - Re: RISKS: Princeton discovers another Netscape security flaw

Header Data

From: Paul_Koning/US/3Com%3COM@smtp1.isd.3com.com
To: cypherpunks@toad.com
Message Hash: c1d3413cc9a94fb436f65f7ce87a223712beb2d6b34ad4dab91b192df3e790a0
Message ID: <9603251947.AA0350@smtp1.chipcom.com>
Reply To: N/A
UTC Datetime: 1996-03-25 20:56:43 UTC
Raw Date: Tue, 26 Mar 1996 04:56:43 +0800

Raw message

From: Paul_Koning/US/3Com%3COM@smtp1.isd.3com.com
Date: Tue, 26 Mar 1996 04:56:43 +0800
To: cypherpunks@toad.com
Subject: Re: RISKS: Princeton discovers another Netscape security flaw
Message-ID: <9603251947.AA0350@smtp1.chipcom.com>
MIME-Version: 1.0
Content-Type: text/plain


ses @ tipper.oit.unc.edu (Simon Spero) wrote:
>A pound to a bucket of ferrets this is another visit from our good friends
>Capt. Overrun and the static buffers, in which case it's more an indictment
>of C

So?  I agree that it's essentially impossible to write reliable code
in C, just as in assembly language.  Actually, it's easier in assembly
language because then you KNOW you have to do all the work
yourself, while C misleads you into thinking it does some of the
work for you when in fact it does not.

That doesn't affect the point at all, though.  

The job of doing something like what Java claims to do correctly
is basically equivalent to the job of creating an A2 grade operating
system.  (Don't bother looking for any, as far as I know the designation
A2 doesn't even exist anymore because it is still beyond the state
of the art.  It means "verified implementation", i.e., the implementation
-- not just the design as in A1 -- is provably correct.  Note that
a strict interpretation of this would involve holding not just the code
itself but also the tools that act on it -- like compilers, and microcode
in machines that have it -- to A2 standards.  If you wonder why, consider
the famous Unix login hack from many years ago that involved
a hack in the C compiler.)

 paul

!-----------------------------------------------------------------------
! Paul Koning, NI1D, C-24183
! 3Com Corporation, 1-3A, 118 Turnpike Road, Southborough MA 01772 USA
! phone: +1 508 229 1695, fax: +1 508 490 5873
! email: paul_koning@isd.3com.com  or  paul_koning@3mail.3com.com
! Pgp:   27 81 A9 73 A6 0B B3 BE 18 A3 BF DD 1A 59 51 75
!-----------------------------------------------------------------------
! "The only purpose for which power can be rightfully exercised over 
!  any member of a civilized community, against his will, is to prevent
!  harm to others.  His own good, either physical or moral, is not
!  a sufficient warrant."    -- John Stuart Mill, "On Liberty" 1859




