Newsgroups: povray.off-topic
Subject: Re: Computer Security
From: Patrick Elliott
Date: 17 Feb 2011 21:34:26
Message: <4d5ddab2$1@news.povray.org>
On 2/16/2011 8:19 PM, Darren New wrote:
> Patrick Elliott wrote:
>> Ah.. So, we should fix the problem created by adding flexibility to
>> the languages, so we can do more than pre-tested, pre-coded, very
>> strict things, by getting rid of all the flexibility?
>
> No. If your language assumes you can't cast an arbitrary pointer to a
> function's address (for example), you can enforce (or mostly enforce,
> except where you declare that you recognise you're bypassing it) that
> and get a more secure system. If your language assumes you're not on a
> Harvard architecture (i.e., assumes that code and data live in the same
> address space), then you can take advantage of that and wind up with
> things like JavaScript and Lisp.
>
> The security failure comes from environments that assume, but don't
> enforce, that data isn't executable.
>
> But really, my original point was descriptive rather than proscriptive.
>
Yeah. I was taking it as proscriptive to make a joke of it. Still, I would
think there could be some sort of middle ground. Like checking that
the code you are about to change from data to code isn't going to do
something unexpected, or, if it does try to, it hits a wall (i.e., it can't
allocate the memory needed to muck things up). It always amazed me how many
of these stupid things were a case of, "Someone put more data in the
thing than normal, but changed X parameter, so it 'looked like' it was
smaller, but the buffer wasn't smart enough to realize that the data was
10k bigger than what the packet 'claimed' it contained." Uh, huh.. Got
your Comp Sci degree from Liberty U, did you, and just assumed God
wouldn't let it happen, or something? lol

Mind, a lot of this comes from the habit, as previously described by someone
else in a thread here, of companies assuming that you can find all
these things when you hacked together a "show model", with lots of
shortcuts, and suddenly got told it had to become a production model in
50% of the time you told them it would actually take (since, obviously,
you could show them what it did, so it must be almost finished!).

-- 
void main () {
   If Schrödingers_cat is alive or version > 98 {
     if version = "Vista" {
       call slow_by_half();
       call DRM_everything();
     }
     call functional_code();
   }
   else
     call crash_windows();
}

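The "packet claimed it was smaller than it really was" failure described in the post, as an added example that is not from the post, the thread, or the POV-Ray project. It assumes a hypothetical wire format (a 2-byte big-endian length field, the payload, then a 0x00 terminator) and a constructed packet; the canary padding in the trusting parser exists only so the overflow can be observed without corrupting unrelated memory, and the hardened parser shows the check a practitioner would want: the claimed length must equal the bytes actually present, and every copy is bounded by the caller's buffer.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical wire format (an assumption for this example, not a real
 * protocol): [len_hi][len_lo][payload ...][0x00]. The length field is
 * attacker-controlled and may disagree with the payload actually sent. */

#define CANARY 0xA5
#define CANARY_PAD 32   /* slack after the "claimed" buffer so the demo can see the overrun */

enum parse_status { PARSE_OK = 0, PARSE_TRUNCATED, PARSE_LENGTH_MISMATCH, PARSE_OVERFLOW };

static size_t claimed_length(const uint8_t *pkt) {
    return ((size_t)pkt[0] << 8) | pkt[1];
}

/* Vulnerable: sizes the buffer from the length field, then copies until the
 * terminator, i.e. until the data really ends. The bytes past 'claimed' land
 * in the canary padding here; in real code they land in whatever follows. */
enum parse_status parse_trusting(const uint8_t *pkt, size_t pkt_len, size_t *copied) {
    if (pkt_len < 2) return PARSE_TRUNCATED;
    size_t claimed = claimed_length(pkt);
    uint8_t *buf = malloc(claimed + CANARY_PAD);
    if (!buf) return PARSE_TRUNCATED;
    memset(buf, CANARY, claimed + CANARY_PAD);
    const uint8_t *p = pkt + 2;
    size_t i = 0;
    while (i < pkt_len - 2 && p[i] != 0x00) {   /* bug: never compares i against 'claimed' */
        buf[i] = p[i];
        i++;
    }
    *copied = i;
    enum parse_status st = PARSE_OK;
    for (size_t k = claimed; k < claimed + CANARY_PAD; k++)
        if (buf[k] != CANARY) { st = PARSE_OVERFLOW; break; }   /* overrun observed */
    free(buf);
    return st;
}

/* Hardened: measure what actually arrived, refuse any disagreement with the
 * length field, and never write past the caller's buffer. */
enum parse_status parse_checked(const uint8_t *pkt, size_t pkt_len,
                                uint8_t *out, size_t out_cap, size_t *copied) {
    if (pkt_len < 3) return PARSE_TRUNCATED;            /* header + terminator at minimum */
    size_t claimed = claimed_length(pkt);
    const uint8_t *p = pkt + 2;
    const uint8_t *term = memchr(p, 0x00, pkt_len - 2);
    if (!term) return PARSE_TRUNCATED;                  /* no terminator within the packet */
    size_t actual = (size_t)(term - p);
    if (actual != claimed) return PARSE_LENGTH_MISMATCH; /* the packet lied about its size */
    if (claimed > out_cap) return PARSE_OVERFLOW;        /* refuse rather than truncate silently */
    memcpy(out, p, claimed);
    *copied = claimed;
    return PARSE_OK;
}

/* Constructed test packet: header claims 'claimed', payload is 'actual' bytes of 'A'. */
static size_t build_packet(uint16_t claimed, size_t actual, uint8_t *out, size_t cap) {
    if (actual + 3 > cap) return 0;
    out[0] = (uint8_t)(claimed >> 8);
    out[1] = (uint8_t)(claimed & 0xFF);
    memset(out + 2, 'A', actual);
    out[2 + actual] = 0x00;
    return actual + 3;
}

enum parse_status run_trusting(uint16_t claimed, size_t actual, size_t *copied) {
    uint8_t pkt[256];
    size_t n = build_packet(claimed, actual, pkt, sizeof pkt), c = 0;
    enum parse_status st = parse_trusting(pkt, n, &c);
    if (copied) *copied = c;
    return st;
}

enum parse_status run_checked(uint16_t claimed, size_t actual, size_t *copied) {
    uint8_t pkt[256], out[64];
    size_t n = build_packet(claimed, actual, pkt, sizeof pkt), c = 0;
    enum parse_status st = parse_checked(pkt, n, out, sizeof out, &c);
    if (copied) *copied = c;
    return st;
}

int main(void) {
    static const char *names[] = { "OK", "TRUNCATED", "LENGTH_MISMATCH", "OVERFLOW" };
    size_t c = 0;
    printf("lying packet (claims 8, sends 20): trusting=%s copied=%zu, ",
           names[run_trusting(8, 20, &c)], c);
    printf("checked=%s\n", names[run_checked(8, 20, NULL)]);
    printf("honest packet (claims 8, sends 8): trusting=%s checked=%s\n",
           names[run_trusting(8, 8, NULL)], names[run_checked(8, 8, NULL)]);
    return 0;
}
```

The trusting parser reports OVERFLOW on the lying packet only because the demo pads its allocation and checks a canary; without that padding the 12 extra bytes would overwrite whatever sits after the buffer. The checked parser rejects the same packet before any copy happens, and also refuses an honest packet that is simply larger than the output buffer instead of truncating it.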



Copyright 2003-2023 Persistence of Vision Raytracer Pty. Ltd.