[ale] Any language (wuz: Assembly Language?)
Jim Kinney
jim.kinney at gmail.com
Sun Oct 27 10:38:13 EDT 2013
Sounds to me that the various scripting interpreters need a solid mapping
audit to better define input command to output machine code.
That said, ANY language that is compiled OR interpreted is subject to some
level of transformation in order to be used by the machine. Thus php is a
crap shoot not because of the language per se but because of its sloppy
interpreter. There's all kinds of crap that will compile from C into bad
code but not as much. As C is so much closer to the hardware, it is more
limited in its allowable slop. Scripting languages are at least 3 steps
away from what compiled C code runs in.
Fun and madness.
On Oct 27, 2013 10:25 AM, "Michael B. Trausch" <mbt at naunetcorp.com> wrote:
> On 10/27/2013 10:00 AM, Pete Hardie wrote:
>
> Out of curiosity, what sort of things are you referring to in the Python
> stdlib?
>
>
> It's not "what sort" but "how much".
>
> It's extremely time-consuming and thus therefore very improbable to be
> able to audit the entire Python stdlib, plus the entire python VM, plus the
> entire interpreter, plus the generator, and be able to say "Yes, this
> 12-line Python program is proved secure."
>
> Those twelve lines on their own might be secure, *assuming that all
> invariants are held that the programmer assumes*. Of course, that
> depends on far more than the 12 lines of code! That audit then has a
> domino effect.
>
> However, if you are working in C, you don't even really need to worry
> about the compiler itself, just the compiler's output. If you can easily
> map a line of C to one or more assembler statements (and you can do that
> quite easily), then you can prove the program's security far more easily.
> After all, then you KNOW where the chains of logic go—they're static, not
> dynamic.
>
> — Mike
>
> --
> [image: Naunet Corporation Logo] Michael B. Trausch
>
> President, *Naunet Corporation*
> ☎ (678) 287-0693 x130 or (855) NAUNET-1 x130
> FAX: (678) 783-7843
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.ale.org/pipermail/ale/attachments/20131027/553ee36b/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: bidbfbgi.png
Type: image/png
Size: 1701 bytes
Desc: not available
URL: <http://mail.ale.org/pipermail/ale/attachments/20131027/553ee36b/attachment.png>
More information about the Ale
mailing list