Re: Expanding the list of "Hardened Packages"

On Tue, 16 Apr 2013 14:05:39 +0200
Florian Weimer <fweimer@xxxxxxxxxx> wrote:

> On 04/15/2013 08:17 PM, Miloslav Trmač wrote:
> > Sure, moving away from C/C++ does not make programs
> > completely secure; however, on average, C/C++ programs
> > are noticeably less secure (because most vulnerabilities
> > that can happen in higher-level languages can also happen
> > in C, but not the other way around).
> 
> To illustrate this point, here's a fairly concrete
> example:  If you have got a program that is written in a
> memory-safe language which also provides some form of
> encapsulation, it is possible to demonstrate convincingly
> (*) that a software module which provides an
> encryption/decryption service never leaks the key
> material.  If there is no memory safety, other code in the
> program could peek at the key bits, and encapsulation is no
> longer guaranteed.  What should be a local property of the
> module now turns into a global property of the program,
> making review more difficult.
> 
> (*) As soon as cryptography is involved, mathematically
> rigorous results are the exception.
> 

Memory-safe languages don't protect against key material
being left un-zeroed in pages, nor against side-channel
attacks due to non-constant operation timing, power, etc.
Sure there is a certain class of problems you aren't going to
get in Python that you are in C, but it's not a panacea.

Conrad
-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
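
The two gaps named in the reply above, shown in Python as an added example (not part of the original message): an early-exit comparison whose work depends on the secret, and key material that outlives its use. All function names and the sample key are constructed for illustration; `bytes_examined` is a deterministic stand-in for elapsed time.

```python
import hmac

def leaky_equal(secret: bytes, guess: bytes):
    """Early-exit compare. Returns (equal, bytes_examined); the second value
    stands in for running time, which grows with the matching prefix."""
    if len(secret) != len(guess):
        return False, 0
    examined = 0
    for s, g in zip(secret, guess):
        examined += 1
        if s != g:
            return False, examined
    return True, examined

def constant_time_equal(secret: bytes, guess: bytes) -> bool:
    """Comparison whose duration does not depend on where the inputs differ."""
    return hmac.compare_digest(secret, guess)

def wipe(buf: bytearray) -> None:
    """Overwrite a mutable buffer in place."""
    for i in range(len(buf)):
        buf[i] = 0

def tag_and_wipe(key: bytearray, message: bytes) -> bytes:
    """Use the key once, then clear the caller's buffer even on error.
    Best effort only: hmac and the interpreter may hold their own copies."""
    try:
        return hmac.new(key, message, "sha256").digest()
    finally:
        wipe(key)

def immutable_copy_survives() -> bytes:
    """A bytes copy of the key cannot be wiped and outlives the wipe."""
    key = bytearray(b"constructed-key!")  # constructed sample key
    copy = bytes(key)
    wipe(key)
    return copy

if __name__ == "__main__":
    secret = b"constructed-key!"
    print(leaky_equal(secret, b"Xonstructed-key!"))
    print(leaky_equal(secret, b"conXtructed-key!"))
    print(constant_time_equal(secret, secret))
    key = bytearray(secret)
    tag_and_wipe(key, b"constructed message")
    print(key == bytearray(len(secret)))
    print(immutable_copy_survives())
```

Memory safety does not change either outcome: the early-exit loop is valid, safe code, and the interpreter gives no guarantee about when or whether the immutable copy's memory is cleared.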