[Cryptography] "NSA-linked Cisco exploit poses bigger threat than previously thought"

Ron Garret ron at flownet.com
Fri Aug 26 03:42:23 EDT 2016


On Aug 25, 2016, at 3:06 PM, Steven M. Bellovin <smb at cs.columbia.edu> wrote:

> On 24 Aug 2016, at 19:12, Dave Horsfall wrote:
> 
>> Apologies if this appears twice; I had connectivity problems.
>> 
>> -----
>> 
>> On Wed, 24 Aug 2016, Viktor Dukhovni wrote:
>> 
>>> Sadly incorporating safer standard facilities into the C library is a
>>> herculean effort.  My take is that the difficulty with C is not so much
>>> the language as the rather minimal runtime.  If the C library were
>>> substantially richer, most programmers would use safer built-in
>>> interfaces rather than write unsafe code, or roll their own "safe" code
>>> badly.
>> 
>> As someone who has used C since about 1976, I can safely say that it was
>> never designed to be secure; it is merely a high-level assembly language.
>> 
> Precisely.  I first heard more or less that line from Doug McIlroy himself;
> he called C the best assembler language he'd ever used.

C has (at least) one serious flaw even when judged as an assembly language: the only way to do a transfer of control outside of the current function is to either call another function or return to the callee.  You can’t GOTO a label outside of the current function.  That makes it impossible to implement tail recursion in pure C unless you compile your entire program into a single C function.

This is a serious problem IMHO because entire generations of programmers have been raised to believe that function calls are fundamentally different from loops, and that the FOR(init; step; end) construct is somehow fundamental, that any language that doesn’t have this construct is weird and probably broken.  This single design flaw has probably done more to retard progress in programming language development than any other mistake in the history of computer science.

rg


