From: Brett Glass
Date: Wed, 22 Jul 1998 08:59:53 -0600
To: Andrew Kenneth Milton
Cc: security@FreeBSD.ORG
Subject: Re: Translation to a safer language (Was: Projects to improve security)
Message-Id: <199807221459.IAA04129@lariat.lariat.org>
In-Reply-To: <199807221438.OAA08927@zeus.theinternet.com.au>
References: <199807220250.UAA23367@lariat.lariat.org>

At 02:38 PM 7/22/98 +0000, Andrew Kenneth Milton wrote:
>Anything with a cast operator is out then...
>
>That nails, C++, Modula*, Java, C.

I disagree. Casting used in certain limited ways is necessary, as are
variant records. However, mechanisms must be in place to use it safely.

>Bad code, is bad code, it doesn't matter what language you code in.

However, the language can make sure that much of the bad code won't
compile, or that problems will be caught at runtime.

>The only way to prevent bad code is to audit and test.

It'd be nice if even *that* worked. I've developed a renewed interest
in mechanical verification.

--Brett
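
An illustration added here, not part of the original message or of any FreeBSD code: Rust, a language the thread does not mention, is used to show a variant record that cannot be read as the wrong type and a narrowing cast that is checked at run time instead of silently truncating. The names `Field`, `CopyError`, `narrow_unchecked`, `narrow_checked` and `copy_len` are hypothetical, and the sample values are constructed.

```rust
use std::convert::TryFrom;

/// A variant record: tag and payload travel together, so the payload
/// cannot be reinterpreted as a different type without going through the tag.
#[derive(Debug, PartialEq)]
enum Field {
    Length(u32),
    Name(String),
}

#[derive(Debug, PartialEq)]
enum CopyError {
    NotALength,
    TooLarge(u32),
}

/// Unchecked narrowing, the way a C-style cast behaves: high bits are dropped.
fn narrow_unchecked(len: u32) -> u16 {
    len as u16
}

/// Checked narrowing: an out-of-range value becomes an error at run time.
fn narrow_checked(len: u32) -> Result<u16, CopyError> {
    u16::try_from(len).map_err(|_| CopyError::TooLarge(len))
}

/// Length that a routine with a 16-bit length parameter would be asked to copy.
fn copy_len(field: &Field) -> Result<u16, CopyError> {
    // The match must cover every variant, or the program does not compile.
    match field {
        Field::Length(n) => narrow_checked(*n),
        Field::Name(_) => Err(CopyError::NotALength),
    }
}

fn main() {
    // Constructed sample: a claimed length just past the 16-bit range.
    let claimed = Field::Length(65_540);
    println!("unchecked cast: {}", narrow_unchecked(65_540));
    println!("checked cast:   {:?}", copy_len(&claimed));
    println!("wrong variant:  {:?}", copy_len(&Field::Name("hdr".to_string())));
}
```
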