Andrew Reilly wrote:
> Bryan Olson wrote:
>
>>A stray pointer
>>anywhere in the process can reach into objects of the array
>>class and change them to an invalid state, such that they
>>subsequently index out of bounds. Modern languages with strong
>>type systems do not allow such things to happen.
>
> That (the ability to access any (mapped) memory address) is a
> characteristic of the hardware on which most compiled programs run.
> Modern languages don't help you whenever your pointers get handed to you
> by external modules or corrupted by hardware failures.

If the question is whether languages can defend against
compromise by other, privileged, components, over which they
have no control, the answer is: of course not. That is *not*
the issue here. The question was whether C can provide the same
safety and protection as other languages.

There is nothing C modules can do that will reliably defend
against attack, or even inadvertent errors, in other C code
within the process. More modern languages with strong type
systems do not have that weakness. There is no way to write ML
code that breaks independent ML modules. ML is safe against ML
code. C is not safe against C code.

> That sounds like a perfect place for the segment descriptor/capability
> machine fans to leap back into the fray :-) Have at it...

There is certainly a case for code segregation by O.S. and
hardware. Language safety, nevertheless, offers reliability
advantages that hardware and operating systems cannot provide.
--
--Bryan
Received on Thu Sep 29 21:38:44 2005
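The point Bryan makes above (a bounds-checked abstraction in C is only as good as the integrity of its own header, which any stray pointer in the process can overwrite) can be shown in a few lines of C. The following is an added illustration, not code from either poster. It assumes a constructed `checked_array` type whose `len` field guards every index, a constructed `stray_write` standing in for unrelated code that happens to hold a pointer aliasing the array header, and a hardened variant that keeps a complemented shadow copy of `len` so that a stray store to one field is detected before any data is read.

```c
#include <stddef.h>
#include <stdio.h>

#define CAPACITY 8

/* A bounds-checked array as one might build it in C (constructed for
 * this example). `len` is all that stands between an index and the
 * rest of memory; `len_shadow` is the hardened variant's complement
 * copy, maintained only by this module. */
typedef struct {
    size_t len;
    size_t len_shadow;
    int data[CAPACITY];
} checked_array;

void checked_array_init(checked_array *a, size_t len) {
    if (len > CAPACITY) len = CAPACITY;
    a->len = len;
    a->len_shadow = ~len;
    for (size_t i = 0; i < CAPACITY; i++) a->data[i] = (int)(i * 10);
}

/* Naive check: trusts whatever `len` currently holds. */
int index_accepted(const checked_array *a, size_t i) {
    return i < a->len;
}

/* Integrity check: a `len` changed by anything other than this module
 * leaves the shadow stale (or exceeds the real capacity). */
int header_intact(const checked_array *a) {
    return a->len <= CAPACITY && a->len_shadow == ~a->len;
}

/* Hardened accessor: 1 = value stored in *out, 0 = genuinely out of
 * bounds, -1 = header looks tampered, nothing is read. */
int checked_get(const checked_array *a, size_t i, int *out) {
    if (!header_intact(a)) return -1;
    if (!index_accepted(a, i)) return 0;
    *out = a->data[i];
    return 1;
}

/* Constructed stand-in for unrelated code elsewhere in the process that
 * holds a stray pointer aliasing our array: a single size_t store. */
void stray_write(void *somewhere, size_t value) {
    *(size_t *)somewhere = value;
}

/* Builds an array of 4 live elements, lets a stray pointer clobber its
 * header (len is the first member), and reports whether the naive check
 * now accepts an index far past the buffer. Returns 1 when fooled. */
int naive_check_fooled(void) {
    checked_array a;
    checked_array_init(&a, 4);
    stray_write(&a, 1000000);
    return index_accepted(&a, 500000);
}

/* One-call driver for the hardened accessor: returns the element value,
 * -1 for out of bounds, -2 when the header was corrupted. `stray`
 * selects whether the stray write happens first. */
int lookup(size_t len, size_t i, int stray) {
    checked_array a;
    int v = 0, status;
    checked_array_init(&a, len);
    if (stray) stray_write(&a, 1000000);
    status = checked_get(&a, i, &v);
    if (status == 1) return v;
    return status == 0 ? -1 : -2;
}

int main(void) {
    printf("lookup(4, 2)                 = %d\n", lookup(4, 2, 0));
    printf("lookup(4, 4)                 = %d\n", lookup(4, 4, 0));
    printf("naive check fooled by stray  = %d\n", naive_check_fooled());
    printf("hardened lookup after stray  = %d\n", lookup(4, 500000, 1));
    return 0;
}
```

The shadow copy only narrows the window: a stray write that lands on both fields consistently, or on the data itself, still goes unnoticed, which is exactly the weakness the post describes. In a language with a strong type system the header is unreachable from code that was not given a typed reference to it, so no such check is needed.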