Security is the bits you disable before you ship
Steven M. Bellovin
smb at cs.columbia.edu
Tue Mar 15 10:59:56 EST 2005
In message <E1DB5Cr-0003GP-00 at medusa01.cs.auckland.ac.nz>, Peter Gutmann writes:
>From a news.com story about features of gcc 4.0, available at
>http://news.com.com/Key+open-source+programming+tool+due+for+overhaul/2100-7344_3-5615886.html
>
> Key open-source programming tool due for overhaul
> Published: March 14, 2005, 10:46 AM PST
> By Stephen Shankland
> Staff Writer, CNET News.com
>
> [...]
>
> GCC 4.0 also introduces a security feature called Mudflap, which adds extra
> features to the compiled program that check for a class of vulnerabilities
> called buffer overruns, Mitchell said. Mudflap slows a program's
> performance, so it's expected to be used chiefly in test versions, then
> switched off for finished products.
>
>So you have an interesting definition of a security feature as "the bit you
>disable before the product goes into the environment where it'll be subject to
>attack".
>
That's not new, either. I believe it was Tony Hoare who likened this
to sailors doing shore drills with life preservers, but leaving them
home when they went to sea. I think he said that in the 1970s; he said
this in his Turing Award lecture:

	The first principle was security... A consequence of this
	principle is that every occurrence of every subscript of
	every subscripted variable was on every occasion checked
	at run time... I note with fear and horror that even in
	1980, language designers and users have not learned this
	lesson.

---------------------------------------------------------------------
The Cryptography Mailing List