Re: Programming languages and trojans

From: David Mertz <voting-project_at_gnosis_dot_cx>
Date: Wed Apr 21 2004 - 14:18:46 CDT

Arnold Urken <> wrote:
|Pardon me if I missed this, but why aren't we including some form of
|intrusion detection to make security as good as possible? Arnie

We have certainly discussed signed-hash procedures to make sure that
code delivered to EVMs is the same as the code that was certified.

I think the concern Doug raises is a bit different from this. He is
thinking more along the line of Ken Thompson's famous (hypothetical)
compiler trojan, where malicious features are built into every compiled
binary (or performed by the virtual machine, if Java/Python/Perl/C#/

Since the Python bytecode interpreter has lots of code in it, someone
might have slipped some malicious patch into the source tree. This
malicious code would need to check whether a script was implementing an
EVM, and if so, do something corrupt. We're not talking about a simple
substitution of a 'corrupt-python' binary en route to the polling place,
but rather someone corrupting the overall development process of Python.

However, I don't find this concern significant: at the least, I trust
the PythonVM to a MUCH higher degree than Sun's JVM, for the simple fact
that Python is Free Software (and because of what I know about its
development process). And I trust either 100x more than I would, for
example, trust C#/.NET not to have trojans.

FWIW, I find the whole static/strong-typing thing to simply be a canard.
A few vendors have made hay over deceptive claims about this. But I'm
unconvinced that static typing has ANY security advantage over strong,
but dynamic typing (ala Python/Ruby/Scheme/etc). And strong typing of,
e.g. ints and floats is a pretty darn weak guarantee; it's not even
close to genuine type hierarchies ala Haskell.

Yours, David...
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
Received on Fri Apr 30 23:17:15 2004

This archive was generated by hypermail 2.1.8 : Fri Apr 30 2004 - 23:17:29 CDT