From owner-freebsd-hackers  Fri Aug 14 12:40:47 1998
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id MAA28437
          for freebsd-hackers-outgoing; Fri, 14 Aug 1998 12:40:47 -0700 (PDT)
          (envelope-from owner-freebsd-hackers@FreeBSD.ORG)
Received: from lorraine.loria.fr (lorraine.loria.fr [152.81.1.17])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id MAA28431
          for <hackers@FreeBSD.ORG>; Fri, 14 Aug 1998 12:40:44 -0700 (PDT)
          (envelope-from Olivier.Galibert@loria.fr)
Received: from renaissance.loria.fr (renaissance.loria.fr [152.81.4.102])
	by lorraine.loria.fr (8.8.7/8.8.7/8.8.7/JCG) with ESMTP id VAA01385
	for <hackers@FreeBSD.ORG>; Fri, 14 Aug 1998 21:39:03 +0200 (MET DST)
Received: (from galibert@localhost) by renaissance.loria.fr (8.8.2/8.8.2) id VAA09267; Fri, 14 Aug 1998 21:39:02 +0200 (MET DST)
Message-ID: <19980814213902.D9044@loria.fr>
Date: Fri, 14 Aug 1998 21:39:02 +0200
From: Olivier Galibert <galibert@pobox.com>
To: hackers@FreeBSD.ORG
Subject: Re: 64-bit time_t
References: <199808141733.LAA24664@lariat.lariat.org> <199808141746.KAA20357@shasta.wstein.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.91.1i
In-Reply-To: <199808141746.KAA20357@shasta.wstein.com>; from Joseph Stein on Fri, Aug 14, 1998 at 10:46:55AM -0700
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Fri, Aug 14, 1998 at 10:46:55AM -0700, Joseph Stein wrote:
> There is no such thing as a "safe" tool.  You can write code in assembly
> language and still end up with security holes.  Until someone writes a
> compiler (for *any* compiled language) that will test for every possible
> conceivable security holes (volunteers needed...) there will be security
> holes in *every* application -- that can be fixed when found, using, the
> "unsafe" tool that was used to create it.

There  are safe tools.  They  are called "formal languages" or "formal
methods"  and  combine  the power  of  strictly specified  programming
languages and mathematical  provers.  Writing something like  sendmail
of telnetd with what currently exists is  out of the picture, but they
already are used to prove sections of life-critical code.

Just a matter of time.

  OG.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message