On Wednesday 05 February 2003 16:07, Seth Breidbart wrote: > Even under the assumption that locations aren't re-used, it's > provably impossible (Turing-complete) to determine whether the > contents of a location can be used as an address by a program. Would that be more accurately not impossible, but "intractable"? With a small enough and simple enough program it is possible to analyze whether its implementation on a Turing Machine will reach a halting point. What the Turing Machine Halting Problem proves is that for an arbitrary tape, calculation of the upper bound on the number of moves the read-write head must make to determine whether there is a halting state is an "intractable" problem. What this rebasing discussion comes down to is: to what extent may one simplify operation of a program by limiting inputs by obfuscating ports (as defined in finite state machine theory, a subset of the Turing Machine) that could accept input of exploits? Better yet, how about eliminating buffer overflow-generated ports by using a programming language that doesn't automagically lend itself to buffer overflows? There are, after all, languages other than C and Fortran, and memory is no longer ferrite cores strung together with copper wires by Taiwanese ladies and leased, not sold, by IBM. So we don't really need the extreme and bug-prone measures of yesteryear to save on RAM use. Using more modern languages can also reduce the temptation to reuse crufty code:) Two excellent books relevant to this discussion are "Building Secure Software" by Viega and McGraw, and "Computers and Intractability" by Garey and Johnson. -- "I see in the near future a crisis approaching that unnerves me and causes me to tremble for the safety of my country. As a result of the war, corporations have been enthroned and an era of corruption in high places will follow, and the money power of the country will endeavor to prolong its reign by working on the prejudices of the people until all wealth is aggregated in a few hands, and the Republic is destroyed." -- Abraham Lincoln in a letter to William F. Elkins, Nov 21st, 1864 505-281-9675 http://techbroker.com http://happyhacker.org Gravity. It's not just a good idea. It's the law.
