Expanding the list of "Hardened Packages"

Florian Weimer fweimer at redhat.com
Tue Apr 16 12:05:39 UTC 2013


On 04/15/2013 08:17 PM, Miloslav Trmač wrote:
> Sure, moving away from C/C++ does not make programs completely secure;
> however, on average, C/C++ programs are noticeably less secure (because
> most vulnerabilities that can happen in higher-level languages can also
> happen in C, but not the other way around).

To illustrate this point, here's a fairly concrete example:  If you have 
got a program that is written in a memory-safe language which also 
provides some form of encapsulation, it is possible to demonstrate 
convincingly (*) that a software module which provides an 
encryption/decryption service never leaks the key material.  If there is 
no memory safety, other code in the program could peek at the key bits, 
and encapsulation is no longer guaranteed.  What should be a local 
property of the module now turns into a global property of the program, 
making review more difficult.

(*) As soon as cryptography is involved, mathematically rigorous results 
are the exception.

-- 
Florian Weimer / Red Hat Product Security Team
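The scenario Florian describes, as an added example that is not part of the original message or of any Red Hat code: a hypothetical "encryption service" module hides its key behind an opaque handle (assumed names crypto_ctx, crypto_ctx_new, crypto_xor), and unrelated code in the same program recovers the key without ever calling a function that returns it. The cipher is a toy XOR, and the key and plaintext are constructed for the demo; the only thing the outside code is assumed to know is the object's size.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

#define KEY_LEN 16

/* ---- Public interface of the hypothetical "encryption service" module ---- */
typedef struct crypto_ctx crypto_ctx;   /* opaque: callers only get a pointer */
crypto_ctx *crypto_ctx_new(const uint8_t key[KEY_LEN]);
void        crypto_ctx_free(crypto_ctx *ctx);
void        crypto_xor(crypto_ctx *ctx, const uint8_t *in, uint8_t *out, size_t n);

/* ---- Module internals (in a real program: a separate translation unit) ---- */
struct crypto_ctx {
    uint64_t calls;           /* bookkeeping, so the key does not sit at offset 0 */
    uint8_t  key[KEY_LEN];    /* "private" key material; never returned by the API */
};

crypto_ctx *crypto_ctx_new(const uint8_t key[KEY_LEN]) {
    crypto_ctx *ctx = calloc(1, sizeof *ctx);
    if (ctx) memcpy(ctx->key, key, KEY_LEN);
    return ctx;
}

void crypto_ctx_free(crypto_ctx *ctx) {
    if (!ctx) return;
    memset(ctx, 0, sizeof *ctx);   /* best effort; a compiler may elide this */
    free(ctx);
}

/* Toy XOR "cipher" standing in for a real algorithm. */
void crypto_xor(crypto_ctx *ctx, const uint8_t *in, uint8_t *out, size_t n) {
    ctx->calls++;
    for (size_t i = 0; i < n; i++)
        out[i] = in[i] ^ ctx->key[i % KEY_LEN];
}

/* ---- "Other code" in the same program, outside the module ---- */
/* It never calls anything that returns the key. It only has the opaque
 * pointer, the object's size, and one plaintext/ciphertext pair it obtained
 * legitimately through the public API. Without memory safety the pointer
 * is just an address, so it reads the object's bytes and slides a KEY_LEN
 * window over them, testing each candidate against the known pair. */
int recover_key(const void *obj, size_t objlen,
                const uint8_t *pt, const uint8_t *ct, size_t n,
                uint8_t out[KEY_LEN]) {
    const unsigned char *raw = obj;     /* byte view of any object: defined behaviour */
    for (size_t off = 0; off + KEY_LEN <= objlen; off++) {
        int match = 1;
        for (size_t i = 0; i < n && match; i++)
            match = (pt[i] ^ raw[off + (i % KEY_LEN)]) == ct[i];
        if (match) {
            memcpy(out, raw + off, KEY_LEN);
            return 1;
        }
    }
    return 0;
}

/* Runs the scenario end to end; returns 1 if the outside code recovered
 * exactly the key the module was given, 0 otherwise. */
int demo_key_leak(void) {
    /* Constructed key and plaintext for the demo. */
    uint8_t key[KEY_LEN];
    for (int i = 0; i < KEY_LEN; i++) key[i] = (uint8_t)(0x10 + i);
    static const uint8_t pt[32] = "attacker-chosen plaintext block";
    uint8_t ct[32], leaked[KEY_LEN] = {0};

    crypto_ctx *ctx = crypto_ctx_new(key);
    if (!ctx) return 0;
    crypto_xor(ctx, pt, ct, sizeof pt);             /* legitimate API use */

    /* sizeof(struct crypto_ctx) is visible here only because the demo is one
     * file; an attacker would get it from the allocator, a debugger or a leak. */
    int found = recover_key(ctx, sizeof(struct crypto_ctx), pt, ct, sizeof pt, leaked);
    crypto_ctx_free(ctx);
    return found && memcmp(leaked, key, KEY_LEN) == 0;
}

int main(void) {
    printf("key recovered from outside the module: %s\n",
           demo_key_leak() ? "yes" : "no");
    return 0;
}
```

Nothing in the module's interface hands out the key, and a reviewer reading only the module would conclude it cannot leak; the leak happens in code that merely holds the pointer. That is the "local property turned global" in the message: in C, confidence that the key stays private requires reviewing every piece of code that could ever obtain the handle's address, not just the module.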


More information about the devel mailing list