Expanding the list of "Hardened Packages"

Conrad Meyer cemeyer at uw.edu
Tue Apr 23 04:46:57 UTC 2013


On Tue, 16 Apr 2013 14:05:39 +0200
Florian Weimer <fweimer at redhat.com> wrote:

> On 04/15/2013 08:17 PM, Miloslav Trmač wrote:
> > Sure, moving away from C/C++ does not make programs
> > completely secure; however, on average, C/C++ programs
> > are noticeably less secure (because most vulnerabilities
> > that can happen in higher-level languages can also happen
> > in C, but not the other way around).
> 
> To illustrate this point, here's a fairly concrete
> example:  If you have got a program that is written in a
> memory-safe language which also provides some form of
> encapsulation, it is possible to demonstrate convincingly
> (*) that a software module which provides an
> encryption/decryption service never leaks the key
> material.  If there is no memory safety, other code in the
> program could peek at the key bits, and encapsulation is no
> longer guaranteed.  What should be a local property of the
> module now turns into a global property of the program,
> making review more difficult.
> 
> (*) As soon as cryptography is involved, mathematically
> rigorous results are the exception.
> 

Memory-safe languages don't protect against key material
being left un-zeroed in pages, nor against side-channel
attacks due to non-constant operation timing, power, etc.
Sure, there is a certain class of problems you aren't going to
get in Python that you are in C, but it's not a panacea.

Conrad
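A Python illustration of the two caveats in Conrad's reply, added here and not part of the original thread: a byte comparison whose amount of work depends on where the inputs first differ (the timing side channel), next to the standard library's `hmac.compare_digest`, and a `bytearray` wrapper that can be zeroed in place, which an immutable `bytes` key cannot. The names `naive_equal_steps` and `SecretKey` are this example's own.

```python
import hmac


def naive_equal_steps(a: bytes, b: bytes) -> tuple[bool, int]:
    """Early-exit comparison as a naive `==` on user data behaves.

    Returns (equal, bytes_examined). The second value is what a remote
    party can observe as elapsed time: it grows with the number of
    correct leading bytes, so a tag or token can be guessed byte by byte.
    Memory safety does nothing to remove this dependency.
    """
    if len(a) != len(b):
        return False, 0
    steps = 0
    for x, y in zip(a, b):
        steps += 1
        if x != y:
            return False, steps
    return True, steps


def constant_time_equal(a: bytes, b: bytes) -> bool:
    """Mitigation: running time independent of where the bytes differ."""
    return hmac.compare_digest(a, b)


class SecretKey:
    """Key material kept in a mutable buffer so it can be wiped.

    A `bytes` object cannot be overwritten; its contents linger in the
    interpreter heap until the allocator happens to reuse them. A
    bytearray can be zeroed in place when the key is no longer needed.
    Caveat: the caller must not keep the original `bytes` it passed in,
    and the language still gives no guarantee about copies made elsewhere.
    """

    def __init__(self, material: bytes):
        self._buf = bytearray(material)  # private mutable copy

    def __enter__(self):
        return self

    def __exit__(self, *exc):
        self.wipe()  # zero on scope exit, even on exceptions
        return False

    def view(self) -> bytearray:
        return self._buf

    def wipe(self) -> None:
        for i in range(len(self._buf)):
            self._buf[i] = 0

    def is_wiped(self) -> bool:
        return all(b == 0 for b in self._buf)
```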