Security is the bits you disable before you ship
Russell Nelson
nelson at crynwr.com
Wed Mar 16 11:05:57 EST 2005
Steven M. Bellovin writes:
> That's not new, either. I believe it was Tony Hoare who likened this
> to sailors doing shore drills with life preservers, but leaving them
> home when they went to sea. I think he said that in the 1970s; he said
> this in his Turing Award lecture:
>
> The first principle was security... A consequence of this
> principle is that every occurrence of every subscript of
> every subscripted variable was on every occasion checked
> at run time... I note with fear and horror that even in
> 1980, language designers and users have not learned this
> lesson.
This is true, however, I've seen Dan Bernstein (and you don't get much
more careful or paranoid about security than Dan) write code like
this:
static char line[999];
len = 0;
len += fmt_ulong(line + len,rp);
len += fmt_str(line + len," , ");
len += fmt_ulong(line + len,lp);
len += fmt_str(line + len,"\r\n");
Of course, the number of characters that fmt_ulong will insert is
limited by the number of bits in an unsigned long, and both strings
are of constant length.
--
--My blog is at blog.russnelson.com | The laws of physics cannot
Crynwr sells support for free software | PGPok | be legislated. Neither can
521 Pleasant Valley Rd. | +1 315-323-1241 cell | the laws of countries.
Potsdam, NY 13676-3213 | +1 212-202-2318 VOIP |
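The argument in the post (a fixed 999-byte buffer is safe because fmt_ulong is bounded by the width of an unsigned long and the other strings are constants) is a bound the programmer carries in their head. The following is an added example, not Bernstein's or the poster's code: a minimal djb-style reimplementation of the fmt_ulong/fmt_str interface, with that bound written down as a macro (FMT_ULONG_MAX, LINE_MAX_LEN, SEP and EOL are my names, and the separators are copied from the snippet above) so that the compiler rejects a buffer that is too small, plus a runtime length pass for callers who do not control the buffer size.

```c
/* Added example (not djb's or the poster's code): djb-style fmt_ulong/fmt_str
   plus the static bound the post argues from, made explicit and checked. */
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Decimal digits needed for any unsigned long: three bits (values 0..7) never
   need more than one decimal digit, so ceil(bits / 3) digits always suffice.
   For a 64-bit unsigned long this gives 22, comfortably above the true 20. */
#define FMT_ULONG_MAX ((sizeof(unsigned long) * CHAR_BIT + 2) / 3)

/* Constructed separators mirroring the quoted snippet. */
#define SEP " , "
#define EOL "\r\n"

/* Worst-case length of one line: two numbers plus two constant strings. */
#define LINE_MAX_LEN (2 * FMT_ULONG_MAX + (sizeof SEP - 1) + (sizeof EOL - 1))

static char line[999];

/* Compile-time check that the worst case fits: a negative array size is a
   compile error, so a buffer that is too small for the bound cannot build. */
typedef char line_fits_check[(LINE_MAX_LEN <= sizeof line) ? 1 : -1];

/* djb-style: write the decimal digits of u to s (no NUL) and return the count.
   With s == NULL only the count is returned, so callers can size before writing. */
size_t fmt_ulong(char *s, unsigned long u)
{
    size_t len = 1;
    unsigned long q = u;
    while (q > 9) { ++len; q /= 10; }
    if (s) {
        char *p = s + len;
        do { *--p = (char)('0' + u % 10); u /= 10; } while (u);
    }
    return len;
}

/* djb-style: copy t (no NUL) into s and return its length. */
size_t fmt_str(char *s, const char *t)
{
    size_t len = strlen(t);
    if (s) memcpy(s, t, len);
    return len;
}

/* The post's sequence of calls, with the bound also enforced at run time:
   the caller passes the buffer size and gets 0 if the line would not fit. */
size_t format_line(char *buf, size_t bufsize, unsigned long rp, unsigned long lp)
{
    /* Pass 1 (s == NULL): exact length without touching memory. */
    size_t need = fmt_ulong(NULL, rp) + fmt_str(NULL, SEP)
                + fmt_ulong(NULL, lp) + fmt_str(NULL, EOL);
    if (need > bufsize) return 0;
    /* Pass 2: write, exactly as in the quoted snippet. */
    size_t len = 0;
    len += fmt_ulong(buf + len, rp);
    len += fmt_str(buf + len, SEP);
    len += fmt_ulong(buf + len, lp);
    len += fmt_str(buf + len, EOL);
    return len;
}

/* Returns 1 if the static bound covers the largest line that can occur. */
int static_bound_holds(void)
{
    size_t worst = format_line(line, sizeof line, ULONG_MAX, ULONG_MAX);
    return LINE_MAX_LEN <= sizeof line
        && worst == 2 * fmt_ulong(NULL, ULONG_MAX) + (sizeof SEP - 1) + (sizeof EOL - 1);
}

/* Returns 1 if fmt_ulong produces the same digits as printf's %lu for u. */
int fmt_ulong_matches_printf(unsigned long u)
{
    char ref[64], out[64];
    int n = snprintf(ref, sizeof ref, "%lu", u);
    size_t m = fmt_ulong(out, u);
    return n > 0 && (size_t)n == m && memcmp(ref, out, m) == 0;
}

int main(void)
{
    size_t n = format_line(line, sizeof line, 7, 42);
    fwrite(line, 1, n, stdout);
    return (static_bound_holds() && fmt_ulong_matches_printf(ULONG_MAX)) ? 0 : 1;
}
```

The point of the typedef trick is that the reasoning "the numbers are bounded by the type and the strings are constants" stops being folklore about the code and becomes something the build verifies; the two-pass format_line is the cheap runtime version of the same check for code that cannot know its buffer size at compile time.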
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com