This argument came up in the thread from a few years ago. It is quite wrong-headed. I would like to give a clear answer to it:
Virtual machines and runtimes may be vulnerable to malicious CODE. That's bad. Programs written in unmanaged languages are vulnerable to malicious DATA. That's horrible and unmitigatable.
Vulns to malicious code are bad, but they may be mitigated by not running untrusted code (hard, but doable in contexts of high security). They are also mitigated by the fact that the runtime or VM is a small piece of code which may even be amenable to formal verification.
Vulns to malicious data, or malicious connection patterns, are impossible to avoid. You can't accept only trusted data in anything user-facing. Also, these vulnerabilities are spread through billions of lines of application and OS code, as opposed to core runtime/VM.
Virtual machines and runtimes may be vulnerable to malicious CODE. That's bad.
Programs written in unmanaged languages are vulnerable to malicious DATA.
Not exactly true. You can still write code vulnerable to input (data) in a "secure" language by accident. C is just especially vulnerable to buffer stuff.
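To make the "malicious data" point from the original comment and the "buffer stuff" remark above concrete, here is an added example in C. It is not code from any participant in this thread; the one-byte-length wire format, the function names and the sample messages are all constructed for illustration. The unchecked parser trusts an attacker-controlled length field, which is the classic unmanaged-language data vulnerability; the checked parser validates that length against both the bytes actually received (over-read) and the destination buffer (overflow), the two distinct failure modes a reviewer should look for.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_MAX 16   /* destination buffer size, including the terminator */

/* Constructed wire format for this example: one length byte followed by
 * that many bytes of name. Both parsers take the received bytes and their
 * actual length, and return the name length on success or a negative code. */

/* Vulnerable parser: the only thing it checks is that a length byte exists.
 * It trusts the attacker-controlled length, so a message such as
 * {0xFF, 'x'} makes memcpy read 255 bytes past the end of the message and
 * write 255 bytes into a 16-byte buffer. Shown for contrast; never call it
 * on untrusted input. */
int parse_name_unchecked(const uint8_t *msg, size_t msg_len, char out[NAME_MAX]) {
    if (msg_len < 1) return -1;
    size_t n = msg[0];
    memcpy(out, msg + 1, n);   /* over-read of msg and overflow of out when n is large */
    out[n] = '\0';             /* out-of-bounds write when n >= NAME_MAX */
    return (int)n;
}

/* Hardened parser: the declared length is validated against both the bytes
 * actually received and the space available in the destination, so no
 * value of the length byte can move a read or write outside either buffer. */
int parse_name_checked(const uint8_t *msg, size_t msg_len, char out[NAME_MAX]) {
    if (msg_len < 1) return -1;         /* no length byte at all */
    size_t n = msg[0];
    if (n > msg_len - 1) return -2;     /* claims more bytes than were received */
    if (n > NAME_MAX - 1) return -3;    /* would not fit with the terminator */
    memcpy(out, msg + 1, n);
    out[n] = '\0';
    return (int)n;
}

/* Constructed sample messages (not captured traffic). */
static const uint8_t msg_benign[]    = { 5, 'a', 'l', 'i', 'c', 'e' };
static const uint8_t msg_truncated[] = { 0xFF, 'x' };   /* claims 255 bytes, carries 1 */
static uint8_t       msg_oversize[1 + 40];              /* claims 40 bytes, carries 40 */

static void build_oversize(void) {
    msg_oversize[0] = 40;
    memset(msg_oversize + 1, 'A', 40);
}

/* Results wrapped in functions so they can be checked from a test. */
int demo_benign_code(void) {
    char out[NAME_MAX];
    return parse_name_checked(msg_benign, sizeof msg_benign, out);          /* 5 */
}

const char *demo_benign_name(void) {
    static char out[NAME_MAX];
    parse_name_checked(msg_benign, sizeof msg_benign, out);
    return out;                                                             /* "alice" */
}

int demo_truncated_code(void) {
    char out[NAME_MAX];
    return parse_name_checked(msg_truncated, sizeof msg_truncated, out);    /* -2 */
}

int demo_oversize_code(void) {
    char out[NAME_MAX];
    build_oversize();
    return parse_name_checked(msg_oversize, sizeof msg_oversize, out);      /* -3 */
}

int main(void) {
    printf("benign:    %d (%s)\n", demo_benign_code(), demo_benign_name());
    printf("truncated: %d\n", demo_truncated_code());
    printf("oversize:  %d\n", demo_oversize_code());
    /* parse_name_unchecked is deliberately not run on the malicious inputs:
     * doing so is undefined behaviour, which is the whole point. */
    return 0;
}
```

The two checks are ordered so that the over-read check comes first: a message that lies about its own length must be rejected before anything is copied, regardless of how big the destination is. A managed runtime would turn the unchecked version's memcpy into a bounds exception rather than memory corruption, which is the difference the original comment is drawing; the checked version is what the C programmer has to write by hand every time.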
I am afraid you are the one who is not showing signs of having thought about this deeply. What is the ratio of the number of application programs, libraries, and services to the number of VMs and runtimes? Thousands, tens of thousands, millions? Depends on how you count, but it's huge. Reducing the attack surface like this is a big win.
And it is indeed a bad idea to install a browser on a critical server, and to load untrusted sites in it. You can mitigate the problem by not doing that. You can't stop the server from dealing with user data, though, since for many servers, that's what they are for. (If you are not going to deal with untrusted data, it is preferable to disable untrusted connections at as low a level as you can manage).