How security holes happen
Chris Angelico
rosuav at gmail.com
Mon Mar 3 18:36:03 EST 2014
On Tue, Mar 4, 2014 at 10:05 AM, Roy Smith <roy at panix.com> wrote:
> In article <mailman.7670.1393885170.18130.python-list at python.org>,
> Cameron Simpson <cs at zip.com.au> wrote:
>
>> On 03Mar2014 09:17, Neal Becker <ndbecker2 at gmail.com> wrote:
>> > Charles R Harris <charlesr.harris at gmail.com> Wrote in message:
>> > >
>> >
>> > Imo the lesson here is never write in low level c. Use modern
>> > languages with well designed exception handling.
>>
>> What, and rely on someone else's low level C?
>
> Don't laugh. http://c2.com/cgi/wiki?TheKenThompsonHack
I don't think malicious interference with C compilers is the issue
here, so much as the constant discovery of flaws in honestly-written C
code.
Currently, I'm porting a MUD client from C++ to Pike. On average, a
hunk of code shrinks by about 50% during the translation, mainly
because I can let memory management happen elsewhere. (Sometimes the
difference is even more dramatic. I wrote my own binary tree in the
C++ client, because the compiler I was targeting at the time didn't
provide a suitable mapping type; now, I just call on the language's
facilities, and it's more efficient and takes no code whatsoever.
That's basically one entire module eliminated.) Along the way, I'm
noticing myriad little issues around the place, where too much data
would result in something being truncated (I was careful in most
places to ensure that it couldn't blow the stack, although I certainly
wouldn't bet money that I was perfect on that score), and the
truncation could have unexpected results. Malformed data coming in
over a TCP socket would eventually consume all the buffer space and
then make the client think the other end had closed its connection.
That one I knew about and didn't care, but there were others that were
weird and esoteric and would *most likely* never happen.
Writing low level code opens you up to a huge collection of weird
behaviours that might, at best, become bug reports that you spend
hours trying to solve. At worst, they become exploits. Yes, high level
languages have their own attack vectors, but I'd much rather have the
entire python-dev team working to solve my problems than me alone :)
ChrisA
More information about the Python-list
mailing list