|
|
Patrick Elliott wrote:
> Ah.. So, we should fix the problem created by adding flexibility to the
> languages, so we can do more than pre-tested, pre-coded, very strict
> things, by getting rid of all the flexibility?
No. If your language assumes you can't cast an arbitrary pointer to a
function's address (for example), you can enforce (or mostly enforce except
where you declare that you recognise you're bypassing it) that and get a
more secure system. If your language assumes you're not on a harvard
architecture (i.e., assumes that code and data live in the same address
space), then you can take advantage of that and wind up with things like
javascript and lisp.
The security failure comes from environments that assume, but don't enforce,
that data isn't executable.
But really, my original point was descriptive rather than proscriptive.
--
Darren New, San Diego CA, USA (PST)
"How did he die?" "He got shot in the hand."
"That was fatal?"
"He was holding a live grenade at the time."
Post a reply to this message
|
|