undefined | Better HN

0 pointstptacek5y ago0 comments

We have 30 years of experience showing that ordinary heap overflows are not in fact easy to spot in code review, security review, security audits, and fuzzing. Each of those modalities eliminates a slice of the problem, and some of them --- manual review modalities --- will remove different slices every time they're applied; different test team, different bugs.

To me, this strongly suggests that the problem is in fact memory-unsafe languages, and not general engineering practices.

Apple, by the way, has all the things you're talking about in place, and in spades.

0 comments

7 comments · 4 top-level

Cyph0n5y ago· 2 in thread

The way I look at it is that relying exclusively on manual review is at best the same as relying on both manual review and a memory safe language.

In practice, the best case and average case rarely line up.

tptacekOP5y ago

You don't have to manually review for classes of vulnerability that your programming environment forecloses on.

Cyph0n5y ago

Good point - all the more reason to use a memory safe language!

scoutt5y ago· 1 in thread

> the problem is in fact memory-unsafe languages, and not general engineering practices.

Languages don't introduce bugs by themselves. Engineers produced those bugs.

I always thought that bugs are the programmers' fault, and not to blame the language. It's like blaming the English language because it allows you to misuse it and manufacture very offensive racial slurs, or to be rude and cruel, and thus we should replace it with another language that doesn't allow to exploit these weaknesses. We won't be able to express ourselves with beautifully (low-level) crafted poems anymore, but that's the price to pay.

tiborsaas5y ago

There are inherent features of human languages that force you into weird issues. English for example has gender pronouns and that's why you see in profiles how you should approach someone. It's not like they want to add it, it's that they have to if it bothers them when people misuse them.

In Hungarian we don't have this problem at all, there's no concept of gender specific pronouns.

thenewwazoo5y ago

I agree that the problem is memory-unsafe languages.

You can improve the tools, or you can improve the human, and nobody has managed to improve the human despite decades of trying.

gok5y ago

OTOH, we don't really have evidence to show that memory safety is effective in kernels/drivers because no memory safe language has ever been deployed at scale for that purpose.

j / k navigate · click thread line to collapse