From owner-freebsd-hackers  Fri Aug 14 11:21:07 1998
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id LAA12341
          for freebsd-hackers-outgoing; Fri, 14 Aug 1998 11:21:07 -0700 (PDT)
          (envelope-from owner-freebsd-hackers@FreeBSD.ORG)
Received: from lariat.lariat.org (lariat.lariat.org [206.100.185.2])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id LAA12335
          for <hackers@FreeBSD.ORG>; Fri, 14 Aug 1998 11:21:05 -0700 (PDT)
          (envelope-from brett@lariat.org)
Received: (from brett@localhost)
	by lariat.lariat.org (8.8.8/8.8.6) id MAA25200;
	Fri, 14 Aug 1998 12:20:32 -0600 (MDT)
Message-Id: <199808141820.MAA25200@lariat.lariat.org>
X-Sender: brett@127.0.0.1
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1.0.44 (Beta)
Date: Fri, 14 Aug 1998 12:20:25 -0600
To: Joseph Stein <joes@shasta.wstein.com>
From: Brett Glass <brett@lariat.org>
Subject: Re: 64-bit time_t
Cc: mike@smith.net.au, hackers@FreeBSD.ORG
In-Reply-To: <199808141746.KAA20357@shasta.wstein.com>
References: <199808141733.LAA24664@lariat.lariat.org>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

At 10:46 AM 8/14/98 -0700, Joseph Stein wrote:
 
>There is no such thing as a "safe" tool.  You can write code in assembly
>language and still end up with security holes.

Of course. Assembly language has even fewer safeguards against shooting
oneself in the foot, though in many cases it's easy to spot and prevent
problems than it is in C.

>Until someone writes a
>compiler (for *any* compiled language) that will test for every possible
>conceivable security holes (volunteers needed...) there will be security
>holes in *every* application -- that can be fixed when found, using, the
>"unsafe" tool that was used to create it.

This argument (which, again, is often used to justify doing nothing) is
analogous to saying, "If it's not absolutely impossible to kill myself 
in a car under any conditions, there's no point in requiring it to have 
any basic safety features such as seat belts."

My personal opinion is that we, as software professionals, should take
a more professional attitude about this.

--Brett


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message