From: "Nick Roberts"
Newsgroups: comp.lang.ada
Subject: Re: Ada's Slide To Oblivion ...
Date: Wed, 6 Feb 2002 21:27:06 -0000
References: <4519e058.0201310714.650888e1@posting.google.com> <3C598CAA.7040801@home.com> <3C59FCD3.928144FB@adaworks.com> <7v8za79id0.fsf@vlinux.voxelvision.no>

"Ole-Hjalmar Kristensen" wrote in message
news:7v8za79id0.fsf@vlinux.voxelvision.no...
> > Both C and C++ are fundamentally insecure languages, because they require a
> > 'flat' address space, with no differentiation between the executable
> > (read-only) and variable (read-write) parts. This completely subverts the
>
> Where do you get this wild idea from? There is nothing in the language
> definition which demands this. At least on UN*X, the executable part
> is normally put in a read-only segment. But this is not an attribute
> of the language, but of the hardware, OS, and the linker/loader.

Perhaps I did not express myself clearly enough.
If you were to re-read what I said, carefully, I think you will see that what I wrote does not deny that the executable part is put into read-only memory; on the contrary, I actually imply it. Allow me to try to clarify.

The C language requires (in practice if not strictly in theory) that all pointers fit into one machine word. On 32-bit architectures, this almost invariably forces the use of a 'flat' address space (just an offset, with no segment number or equivalent).

Which means that, for many architectures, the operating system cannot use segmentation (or other memory divisions) to detect a call or jump into read-write memory. If it were able to do this, it could prevent the execution of code which has been (maliciously caused to be) written into memory (by the program itself, due to a bug being exploited).

On many architectures, then, C prevents the OS from using available memory protection mechanisms to prevent buffer overrun exploitation, whereas most other programming languages do not. In this way, C is a security liability. C++ generally has the same fault.

"Ian S. Nelson" wrote in message
news:3C6144E7.4010801@earthlink.net...
> This is flat out wrong.

I refer the honourable member to my previous answer.

-- 
Nick Roberts
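
The condition the post is concerned with, memory that is writable and executable at once, can be checked for on a Linux process from its `/proc/<pid>/maps` listing. This is an added example, not part of the original post; the Linux maps format is an assumption the post does not mention, and the sample listing is constructed.

```c
#include <stdio.h>
#include <string.h>

/* One entry of the Linux /proc/<pid>/maps format (address range + perms). */
struct region {
    unsigned long long start, end;
    char perms[5];                    /* e.g. "rw-p" */
};

/* Parse one maps line; returns 1 on success, 0 on malformed input. */
int parse_maps_line(const char *line, struct region *r) {
    int n = sscanf(line, "%llx-%llx %4s", &r->start, &r->end, r->perms);
    return n == 3 && r->end > r->start && strlen(r->perms) == 4;
}

/* Writable and executable at once: data written there could be run as code. */
int is_wx(const struct region *r) {
    return r->perms[1] == 'w' && r->perms[2] == 'x';
}

/* Scan a whole listing, print each W+X region, return how many there are. */
int count_wx(const char *maps) {
    int hits = 0;
    char line[256];
    struct region r;
    while (*maps) {
        size_t len = strcspn(maps, "\n");
        snprintf(line, sizeof line, "%.*s", (int)len, maps);
        maps += len + (maps[len] == '\n');
        if (parse_maps_line(line, &r) && is_wx(&r)) {
            printf("W+X: %s\n", line);
            hits++;
        }
    }
    return hits;
}

/* Constructed sample listing, not captured from a real process. */
static const char SAMPLE[] =
    "00400000-0040b000 r-xp 00000000 08:01 1234 /usr/bin/demo\n"
    "0060a000-0060c000 rw-p 0000a000 08:01 1234 /usr/bin/demo\n"
    "7f0000000000-7f0000001000 rwxp 00000000 00:00 0\n"
    "7ffc00000000-7ffc00021000 rw-p 00000000 00:00 0 [stack]\n";

int main(void) {
    printf("%d writable+executable region(s)\n", count_wx(SAMPLE));
    return 0;
}
```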