POV-Ray: Newsgroups: povray.off-topic: Computer Security: Re: Computer Security

POV-Ray : Newsgroups : povray.off-topic : Computer Security : Re: Computer Security		Server Time 3 Sep 2024 11:23:07 EDT (-0400)

From: Darren New
Date: 16 Feb 2011 22:19:57
Message: <4d5c93dd$1@news.povray.org>

Patrick Elliott wrote:
> Ah.. So, we should fix the problem created by adding flexibility to the 
> languages, so we can do more than pre-tested, pre-coded, very strict 
> things, by getting rid of all the flexibility? 

No. If your language assumes you can't cast an arbitrary pointer to a 
function's address (for example), you can enforce (or mostly enforce except 
where you declare that you recognise you're bypassing it) that and get a 
more secure system. If your language assumes you're not on a harvard 
architecture (i.e., assumes that code and data live in the same address 
space), then you can take advantage of that and wind up with things like 
javascript and lisp.

The security failure comes from environments that assume, but don't enforce, 
that data isn't executable.

But really, my original point was descriptive rather than proscriptive.

-- 
Darren New, San Diego CA, USA (PST)
  "How did he die?"   "He got shot in the hand."
     "That was fatal?"
          "He was holding a live grenade at the time."

Post a reply to this message