Re: Self-modifying code

From: Ron Crane <voting_at_lastland_dot_net>
Date: Thu Apr 28 2005 - 13:55:51 CDT

On Apr 28, 2005, at 11:39 AM, David Mertz wrote:

> On Apr 28, 2005, at 2:19 PM, Ron Crane wrote:
>>> [DQM likes Python, but] If SV OVC (or whoever) like Ruby, or Perl,
>>> or GCC, or Guile, or Haskell... the more power to them
>> Not to open the debate here, but, from a security viewpoint, I would
>> argue for a language that does not (directly) support self-modifying
>> or self-writing code.
>
> What do you mean by self-modifying code, exactly?
>
> Of those I mentioned, only Guile (and other Lisp/Scheme variants) are
> classically "self-modifying."
>
> But a number of others (Python, Ruby, Perl, TCL, etc) have an
> eval/exec command that will run code from a string. And that string
> can be written using the language at runtime. Then again, it's pretty
> easy to grep the source to make sure eval/exec are not used; so a
> style guideline handles that.
>
> However, while it's not precisiely code modification, a number of
> languages allow you to do some pretty magic things with metaclasses
> and dynamically modified class hierarchies and behaviors. Ruby and
> Smalltalk are extremely dynamic this way. Python and Perl are less
> so, but still have significant magical capabilities. C/C++, or
> Haskell, or O'Caml are more fixed at runtime.
>
> Of course, C/C++ has its own class of vulnerabilities in terms of poor
> type-safety and uncaught bounds errors (overruns, etc). You can
> mandate some coding styles and libraries to make C++ safer, but if
> we're at the level of coding-style, you can certainly limit Python and
> friends too. In general, I feel a lot better about languages with
> memory-management built in (which makes Java pretty good at technical
> level, if it were not unfree). Buffer overruns let you self-modify
> code too, just not in an "officially documented" manner.
>
> So I guess from a technical POV, there's a lot to recommend the
> extremely type-safe, memory-managed and statically declared languages
> like Haskell and O'Caml. Especially the former, which makes it
> (relatively) easy to rigorously prove properties of functions and
> modules. Of course, expertise and experience in Haskell is a lot less
> widespread than is knowledge of the other languages I mentioned (quite
> possibly even less than for Scheme). And you need to add some rubber
> to your brain before thinking about Haskell (but it's good for you).

This is very thought-provoking, and I'd like to explore it more deeply
when I've got a little more time. Basically I want to make it difficult
to hide anything, even "in plain sight". Obviously proper review is
critical here, and maybe the choice of language is less important than
I had thought. I need to consider this more.

By the way, when/where is the "pow-wow"?

-R

_______________________________________________
OVC discuss mailing lists
Send requests to subscribe or unsubscribe to arthur@openvotingconsortium.org
==================================================================
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
==================================================================
Received on Sat Apr 30 23:17:19 2005

This archive was generated by hypermail 2.1.8 : Sat Apr 30 2005 - 23:17:22 CDT