
Re: How security holes happen

From Gene Heskett <gheskett@wdtv.com>
Subject Re: How security holes happen
Date 2014-03-04 23:27 -0500
References <lf22t1$sgh$1@ger.gmane.org> <mailman.7670.1393885170.18130.python-list@python.org> <izuRu.12475$wf3.1354@fx10.am4>
Newsgroups comp.lang.python
Message-ID <mailman.7790.1393993644.18130.python-list@python.org> (permalink)



On Tuesday 04 March 2014 23:17:40 Andrew Cooper did opine:

> On 03/03/2014 22:19, Cameron Simpson wrote:
> > On 03Mar2014 09:17, Neal Becker <ndbecker2@gmail.com> wrote:
> >>  Charles R Harris <charlesr.harris@gmail.com> Wrote in message:
> >> Imo the lesson here is never write in low level c. Use modern
> >> languages with well designed exception handling.
> > 
> > What, and rely on someone else's low level C?
> 
> Why is C the lowest denominator?
> 
> Even with correctly written C and assembly, how can you be sure that
> your processor is executing the SYSRET instruction safely?
> (CVE-2012-0217 for anyone interested)
> 
If you do not have the system tools to determine that, the system is 
seriously incomplete.  Change os's, it's that simple when you are down to 
the bare metal.

If I wanted to determine that was correct on the TRS-80 Color Computer 3 in 
the basement, running nitros9 right now, I would put 3 calls to F$RegDump 
in the assembly code, one in the caller as the last thing done before the 
call, one in the subroutine immediately in front of the return, and one as 
the first operation done when the return register image has been pulled 
from the stack.

> ~Andrew


Cheers, Gene
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Gene's Web page <http://geneslinuxbox.net:6309/gene>

NOTICE: Will pay 100 USD for an HP-4815A defective but
complete probe assembly.



Thread

Re: How security holes happen Cameron Simpson <cs@zip.com.au> - 2014-03-04 09:19 +1100
  Re: How security holes happen Roy Smith <roy@panix.com> - 2014-03-03 18:05 -0500
    Re: How security holes happen Chris Angelico <rosuav@gmail.com> - 2014-03-04 10:36 +1100
  Re: How security holes happen Andrew Cooper <root@127.0.0.1> - 2014-03-05 00:52 +0000
    Re: How security holes happen Gene Heskett <gheskett@wdtv.com> - 2014-03-04 23:27 -0500
    Re: How security holes happen 88888 Dihedral <dihedral88888@gmail.com> - 2014-03-05 18:39 -0800
