Self-modifying code

From: David Mertz <voting-project_at_gnosis_dot_cx>
Date: Thu Apr 28 2005 - 13:39:00 CDT

On Apr 28, 2005, at 2:19 PM, Ron Crane wrote:
>> [DQM likes Python, but] If SV OVC (or whoever) like Ruby, or Perl, or
>> GCC, or Guile, or Haskell... the more power to them
> Not to open the debate here, but, from a security viewpoint, I would
> argue for a language that does not (directly) support self-modifying
> or self-writing code.

What do you mean by self-modifying code, exactly?

Of those I mentioned, only Guile (and other Lisp/Scheme variants) are
classically "self-modifying."

But a number of others (Python, Ruby, Perl, TCL, etc) have an eval/exec
command that will run code from a string. And that string can be
written using the language at runtime. Then again, it's pretty easy to
grep the source to make sure eval/exec are not used; so a style
guideline handles that.

However, while it's not precisiely code modification, a number of
languages allow you to do some pretty magic things with metaclasses and
dynamically modified class hierarchies and behaviors. Ruby and
Smalltalk are extremely dynamic this way. Python and Perl are less so,
but still have significant magical capabilities. C/C++, or Haskell, or
O'Caml are more fixed at runtime.

Of course, C/C++ has its own class of vulnerabilities in terms of poor
type-safety and uncaught bounds errors (overruns, etc). You can
mandate some coding styles and libraries to make C++ safer, but if
we're at the level of coding-style, you can certainly limit Python and
friends too. In general, I feel a lot better about languages with
memory-management built in (which makes Java pretty good at technical
level, if it were not unfree). Buffer overruns let you self-modify
code too, just not in an "officially documented" manner.

So I guess from a technical POV, there's a lot to recommend the
extremely type-safe, memory-managed and statically declared languages
like Haskell and O'Caml. Especially the former, which makes it
(relatively) easy to rigorously prove properties of functions and
modules. Of course, expertise and experience in Haskell is a lot less
widespread than is knowledge of the other languages I mentioned (quite
possibly even less than for Scheme). And you need to add some rubber
to your brain before thinking about Haskell (but it's good for you).

_______________________________________________
OVC discuss mailing lists
Send requests to subscribe or unsubscribe to arthur@openvotingconsortium.org
==================================================================
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
==================================================================
Received on Sat Apr 30 23:17:19 2005

This archive was generated by hypermail 2.1.8 : Sat Apr 30 2005 - 23:17:22 CDT