dudrenov at gmail.com
Mon Mar 23 20:35:30 EDT 2009
On Mon, Mar 23, 2009 at 5:28 PM, Thomas Lord <lord at emf.net> wrote:
> Suffice it to say that I think language
> design is the absolute wrong place to
> address computer security that way.
> Language design problems have enough
> on their plate and there are more direct
> ways to address security problems.
> So, I don't care so much about "attackers"
> of the sort about which you quote a comment.
> On Mon, 2009-03-23 at 19:37 -0400, John Cowan wrote:
>> Thomas Lord scripsit:
>> > The freedom of an implementation to go either
>> > way on that point is a good reflection of the
>> > fact that neither way is obviously better than
>> > the other *and* it is easy for programs to not
>> > rely on one way or the other.
>> > Changing the language to force one choice is
>> > just arbitrary. It adds an implementation burden.
>> > It punts on the question of which choice is better.
>> I'll just quote here from an email on the ECMAScript 3.1 mailing list
>> not necessarily because I agree with it, but so that the opposing
>> point of view is recognized:
>> > Conventional developers seek only functionality, and stay away from
>> > edge conditions. Attackers seek opportunities in edge conditions. So
>> > defenders must reason about the limits on the damage that might be
>> > caused by these edge conditions.
>> > Put another way, conventional developers must code to the intersection
>> > semantics of the platforms in question, since a correct program must
>> > work across all these platforms. Attackers can seek opportunities in
>> > the union semantics, since an attack that works on any platform is
>> > still a successful attack. More deterministic specs narrow the gap
>> > between these two.