From owner-freebsd-security  Fri Jul 24 02:14:39 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id CAA25716
          for freebsd-security-outgoing; Fri, 24 Jul 1998 02:14:39 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from ns1.yes.no (ns1.yes.no [195.119.24.10])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id CAA25703
          for <security@FreeBSD.ORG>; Fri, 24 Jul 1998 02:14:28 -0700 (PDT)
          (envelope-from eivind@bitbox.follo.net)
Received: from bitbox.follo.net (bitbox.follo.net [195.204.143.218])
	by ns1.yes.no (8.8.7/8.8.7) with ESMTP id JAA09054;
	Fri, 24 Jul 1998 09:14:02 GMT
Received: (from eivind@localhost)
	by bitbox.follo.net (8.8.8/8.8.6) id LAA11218;
	Fri, 24 Jul 1998 11:14:02 +0200 (MET DST)
Message-ID: <19980724111402.00430@follo.net>
Date: Fri, 24 Jul 1998 11:14:02 +0200
From: Eivind Eklund <eivind@yes.no>
To: Brett Glass <brett@lariat.org>,
        Andrew Kenneth Milton <akm@zeus.theinternet.com.au>
Cc: security@FreeBSD.ORG
Subject: Re: Translation to a safer language (Was: Projects to improve security)
References: <199807220250.UAA23367@lariat.lariat.org> <199807221438.OAA08927@zeus.theinternet.com.au> <199807221459.IAA04129@lariat.lariat.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.89.1i
In-Reply-To: <199807221459.IAA04129@lariat.lariat.org>; from Brett Glass on Wed, Jul 22, 1998 at 08:59:53AM -0600
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Wed, Jul 22, 1998 at 08:59:53AM -0600, Brett Glass wrote:
> At 02:38 PM 7/22/98 +0000, Andrew Kenneth Milton wrote:
>  
> >Anything with a cast operator is out then...
> >
> >That nails, C++, Modula*, Java, C.
> 
> I disagree. Casting used in certain limited ways is necessary,
> as are variant records. However, mechanisms must be in place
> to use it safelly.

Casting should not be necessary - there came new typesystems last year
that let you describe complex cases (this is an integer, real, or JPEG
picture, but not a generic picture) and do compile-time verification
on them.  The typesystems are (supposedly) generic enough to be useful
for the way Lisp is typically used, and still simple enough that they
can be mechanically verified.  Now, if I'd only remembered their
name...

Eivind.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message