Author Topic: Image File Execution Options  (Read 3494 times)

Orethrius

  • Member
  • **
  • Posts: 1,783
  • Kudos: 982
Re: Image File Execution Options
« Reply #30 on: 10 April 2005, 08:44 »
Let's not get buffer overflows and variable overloads confused here.  You really can't stop an overflow in poorly written code, that's what's at issue here.  It's doubtful that C# is going to do much to cure this, as it's still JUST C at the base level.  Don't kid yourself by trying to tell us how .NET isn't C#.  Now, what I was taking issue with on MY behalf was the confusion with overloading variables (override [sic] in this case), which can indeed be blocked (at least it could in Borland 6, I don't know about Visual Crapcaster 6.6.6).  Like you so eloquently say in so many words, an overflow is a function of poor coding and can only be stopped by not allowing the possibility in the first place.  Too bad .NET isn't as strict as you seem to think it is.

Proudly posted from a Gentoo Linux system.

Quote from: Calum
even if you're renting you've got more rights than if you're using windows.

System Vitals

muzzy

  • Member
  • **
  • Posts: 391
  • Kudos: 409
    • http://muzzy.net/
Re: Image File Execution Options
« Reply #31 on: 10 April 2005, 09:35 »
Well, obviously aloone was talking about overflows (since he mentioned program crashes), despite improper use of terminology. What comes to overloading, there's no such thing in C. There is in C++, but it cannot overload variables, it only applies to operators and function names. So, that's that and hopefully we're through that confusion now.

Also, C# indeed solves the problem, as does the common language runtime of the .NET framework. I'm not kidding anyone when I say .NET isn't C#, it's a framework and runtime environment, and C# happens to be just one language specifically designed for it. However, .NET defines a concept called "verifiable code", which is a set of restrictions that the code must meet to be verifiable. Any code which meets these requirements can be verified to not breach the execution flow, and thus can be verified to not contain buffer overflows and such. Unsafe sections of the code must then be marked as such, and can remain vulnerable, but this allows for greater isolation of such code. Under these restrictions, the language and runtime environment can guarantee that any program errors happen above the logic level, and as of such are isolated to the execution path and are easier to trace.

The typical problem with C and C++ is that a memory error anywhere in the program can cause problems in any other part of the program, so the program might only crash hours or days after the effects of the bug took place. Verifiable code solves this issue, and thus it will simply become impossible to make such bugs. Obviously, this feature doesn't have to be used, which means .NET isn't a magic salt which solves all problems merely by sprinkling it around. It however provides the means for writing such secure code, that isn't suspectible to traditional problems of traditional software development.

muzzy

  • Member
  • **
  • Posts: 391
  • Kudos: 409
    • http://muzzy.net/
Re: Image File Execution Options
« Reply #32 on: 10 April 2005, 09:44 »
Ohyea, I totally missed this: "it's still JUST C"

WRONG! It's nothing like C. I'd like to hear why you think it has anything to do with C. The language is so totally different it boggles the mind that you'd say it's "still just C at the base level". Do you mean that the VM implementation is written in C or C++? That has nothing to do with the language design, how it's compiled, or how it's executed. So where do you get this idea?