It's Time to Abandon Insecure Languages

Andreas Bogk andreas at andreas.org
Fri Jul 19 03:44:16 EDT 2002


"R. A. Hettinga" <rah at shipwright.com> quotes eWeek:

> Both these problems are due to our old nemesis, the "buffer overflow" that
> lets rogue code sneak in through a door marked "data." These holes

Sometimes I wonder when the IT industry will finally learn.  Buffer
overflow exploits were at the heart of the 1988 Internet worm.  And at
least its author, Robert T. Morris Jr, learned from it and started
writing Internet applications in Common Lisp.

> demonstrate that we must switch to writing security-sensitive code in
> managed environments, like the Java virtual machine or .Net run-time, that
> continually enforce code/data distinctions.

"Managed environments" are not necessary, it's enough to use a
language that's able to enforce its own semantics.  "Managed
environments" are a lame replacement for actual capability-based
operating systems.

> We have to get over the bias that there's something dishonorable about
> choosing languages that prize safety over pure efficiency. Hardware

Actually, there are a couple of languages out there that beat C/C++
both in terms of efficiency *and* safety.  The International Contest
for Functional Programming has been won consistently by teams *not*
using C/C++, and that's not because nobody tried.

> capacity is growing faster than programmer accuracy. It's time to require
> case-by-case justification of C and C++, the tools that grease the floor
> and let developers run with knives.

If we understand that C/C++ are bad languages, I think it's about time
to question the justification of using operating systems written in
these languages as well.

> goals; ISVs need to stop taking chances their bugs won't be found; CPU and
> language creators need to continue research into just-in-time compiler

Modern compilers for modern languages are already faster than
just-in-time compilers for Java and .NET will ever be.

I'm involved in maintaining a Dylan compiler, and we can keep up with
C in terms of performance:

http://groups.google.com/groups?dq=&lr=&ie=UTF-8&selm=457e22d8.0207150346.4b3912cc%40posting.google.com&rnum=12

Note that we do bounds checking, garbage collection and dynamic type
checks, which C doesn't.

See http://www.gwydiondylan.org/ for more.

Andreas

-- 
"In my eyes it is never a crime to steal knowledge. It is a good
theft. The pirate of knowledge is a good pirate."
                                                       (Michel Serres)

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
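The "door marked data" the eWeek piece refers to, shown in C as an added example that is not part of the original post, of the eWeek article, or of the Gwydion Dylan project: an unchecked copy of attacker-controlled input into a fixed buffer walks straight over the control value stored after it, while the same copy guarded by the bounds check that a safe language performs on every array write refuses the oversize input. The `struct frame`, the 0xdeadbeef marker and the all-'A' payload are constructed stand-ins for a stack frame, a saved return address and an attacker's request, chosen here for illustration; nothing about them comes from the page.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { BUF_SIZE = 16 };

/* Stand-in for a stack frame: a fixed buffer followed by a control value
 * (on a real stack, the saved return address). Constructed for this example. */
struct frame {
    char buf[BUF_SIZE];
    uintptr_t saved_ret;
};

/* Unchecked copy, the pattern behind the 1988 worm's fingerd exploit
 * (gets() into a fixed buffer): len is never compared with the size of the
 * destination. A plain loop rather than memcpy, so nothing hides the bug. */
void copy_unchecked(char *dst, const char *src, size_t len)
{
    for (size_t i = 0; i < len; i++)
        dst[i] = src[i];
}

/* The check a safe language performs on every array write. Rejects the whole
 * request instead of silently truncating it; returns 1 on success, 0 if the
 * input (plus terminator) does not fit. */
int copy_checked(char *dst, size_t dstsize, const char *src, size_t len)
{
    if (dstsize == 0 || len > dstsize - 1)
        return 0;
    memcpy(dst, src, len);
    dst[len] = '\0';
    return 1;
}

/* Feed a request as long as the whole frame (constructed sample input of
 * 'A' bytes) to one of the two copies and report whether the control value
 * behind the buffer was overwritten. The frame is addressed through a pointer
 * to the whole struct, so the unchecked write stays inside one object and the
 * result is the same on every compiler rather than undefined behaviour. */
int control_value_clobbered(int use_check)
{
    struct frame fr;
    char payload[sizeof fr];

    memset(payload, 'A', sizeof payload);    /* 0x41414141... lands on saved_ret */
    memset(fr.buf, 0, sizeof fr.buf);
    fr.saved_ret = 0xdeadbeef;               /* marker for the value to protect */

    if (use_check)
        copy_checked((char *)&fr, sizeof fr.buf, payload, sizeof payload);
    else
        copy_unchecked((char *)&fr, payload, sizeof payload);

    return fr.saved_ret != 0xdeadbeef;
}

int main(void)
{
    printf("unchecked copy clobbered control value: %d\n",
           control_value_clobbered(0));
    printf("checked copy clobbered control value:   %d\n",
           control_value_clobbered(1));
    return 0;
}
```

The unchecked path reports 1 and the checked path 0. In a real process the bytes that replace `saved_ret` become the address the function returns to, which is exactly how data arriving through the marked door ends up being executed as code; the checked version costs one comparison per copy, the price the post says its Dylan compiler pays on every array access while still keeping up with C.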
