[Cryptography] It's all K&R's fault
Anne & Lynn Wheeler
lynn at garlic.com
Sat Apr 19 10:15:05 EDT 2014
On 04/18/14 23:53, Dave Horsfall wrote:
> Wasn't it Djikstra who wrote that "there is no language in which it is not
> the least bit possible to write buggy code"?
I've been pontificating for two decades about C language applications having
epidemic of exploits and vulnerabilities. It isn't that it is impossible to
write correct code in C ... or that it is impossible to write incorrect code
in other languages .... but that C string, pointer, and buffer semantics
results in significantly larger number of mistakes.
the original IBM mainframe product tcp/ip stack (in 80s) was implemented in vs/pascal and
not known to have any of the buffer/pointer problems epidemic in C language
implementations. I didn't do the original implementation ... but i made
the modifications to support RFC1044 and in some tuning tests between Cray
and IBM 4341 got possibly 500 times improvement in number of bytes moved
per instruction executed.
2002 paper "Thirty Years Later: Lessons from the Multics Security Evaluation"
http://www.acsac.org/2002/papers/classic-multics.pdf
referencing
http://csrc.nist.gov/publications/history/karg74.pdf
Multics was implemented in PLI and one of the observations was that
Multics was not known to have had any of the buffer/pointer problems
epidemic in C language implementations.
old post from decade ago about attempting to characterize exploits
from the CVE database
http://www.garlic.com/~lynn/2004e.html#43
there had been reports from the late 90s, that the majority of
internet vulnerability/exploits were buffer/pointer related.
They were no longer the majority ... the frequency hadn't dropped
... it was that other kinds had increased. Note that the 1996 MDC
at Moscone, all the banners said "internet" ... but the subtheme
in all the sessions was "preserve your investment". All the
automatic execution of visual basic code embedded in data files
... from the days of small closed, safe business LANs was
being preserved as low-level support for tcp/ip was being
added (but w/o the necessary added integrity and security measures).
I had some number of discussions with Mitre about CVE entries
were free-form and hard to analyze ... and suggested that they
add some structured keywords. In any case, nearly a year
later NIST releases similar analysis. old post
http://www.garlic.com/~lynn/2005b.html#20
referencing Linux magazine quoting NIST CVE study.
as an aside, multics sites
http://www.multicians.org/sites.html
I use to see some number of agency people in financial
industry security & crypto meetings ... in the 90s, their email
was #76 in above list.
other drift ... I was at science center involved in virtual
machines and some number of other things ... which was on
the 4th flr, 545 tech sq. Multics was on the 5th flr in same
bldg ... some there was little feeling of competition between
the two groups.
#72 was AFDSC ... in late 70s some AFDSC people came by to
talk about what was going to be 210 vm/4341s (more than the
total of all multics installations).
--
virtualization experience starting Jan1968, online at home since Mar1970
More information about the cryptography
mailing list