[Cryptography] I don't get it.

[Peter Fairbrother]

On 17/04/14 19:22, Bear wrote:
> On Thu, 2014-04-17 at 13:10 +0100, Peter Fairbrother wrote:

>> Malloc and free? Only in kernels and kexts, maybe drivers at a pinch.
>>
>
> Eh.  I don't have a problem with them, although I'd want to see
> users provided with *other* methods of doing dynamic memory that
> make them less attractive;  in particular, there should be library
> calls for building and managing dynamically allocated data
> structures that tuck the malloc/free stuff under the corners where
> the user doesn't need to do it themselves.

That would be called bounds-checked strings and arrays. And no 
non-bounds-checked strings and arrays.

> Sometimes the user needs sharp tools; but if you can anticipate
> the need, it's nicer to give him what he needs so he doesn't need
> to use the sharp tools to carve it for himself.

Yep.

And 99% of the time bounds-checked strings and arrays would do the job 
just fine. But C programmers don't use them 99% of the time - in fact 
they don't use them at all, because mostly they don't exist - so they 
might as well use the sharp malloc/memcpy as the almost equally sharp 
string/array commands

>> Another thing I'd like to see as a (mandatory) goal would be repeatable
>> compilation, so if you used the same source, compiler and compiler
>> settings then you got the same object code out.
>
> This is already true, isn't it, with the caveat that you also have
> to rely on it being the same set of system libraries?

https://blog.torproject.org/blog/deterministic-builds-part-one-cyberwar-and-global-compromise

https://blog.torproject.org/blog/deterministic-builds-part-two-technical-details


You know why I titled this thread "I don't get it"? Because I really 
don't understand why no-one has fixed this. It has been a known problem 
for 30 plus years, and it is responsible for well over half of all the 
known security bugs.

So why haven't they fixed it?


-- Peter Fairbrother