[13564] in cryptography@c2.net mail archive
Re: An attack on paypal
daemon@ATHENA.MIT.EDU (Bill Frantz)
Tue Jun 10 22:26:36 2003
X-Original-To: cryptography@metzdowd.com
In-Reply-To: <4.2.2.20030608173129.00a99bb0@mail.earthlink.net>
Date: Tue, 10 Jun 2003 15:39:38 -0700
To: Anne & Lynn Wheeler <lynn@garlic.com>
From: Bill Frantz <frantz@pwpconsult.com>
Cc: "Email List: Cypherpunks" <cypherpunks@lne.com>,
"Email List: Cryptography" <cryptography@metzdowd.com>

At 5:12 PM -0700 6/8/03, Anne & Lynn Wheeler wrote:
>somebody (else) commented (in the thread) that anybody that currently
>(still) writes code resulting in buffer overflow exploit maybe should be
>thrown in jail.

A nice essay, partially on the need to include technological protections
against human error, included the above paragraph.

IMHO, the problem is that the C language is just too error prone to be used
for most software. In "Thirty Years Later: Lessons from the Multics
Security Evaluation", Paul A. Karger and Roger R. Schell
<www.acsac.org/2002/papers/classic-multics.pdf> credit the use of PL/I for
the lack of buffer overruns in Multics. However, in the Unix/Linux/PC/Mac
world, a successor language has not yet appeared.

YMMV - Bill

-------------------------------------------------------------------------
Bill Frantz | Due process for all | Periwinkle -- Consulting
(408)356-8506 | used to be the | 16345 Englewood Ave.
frantz@pwpconsult.com | American way. | Los Gatos, CA 95032, USA
---------------------------------------------------------------------
The Cryptography Mailing List