Re: Script codes

From: Scott Brown <scott_at_rsbrown_dot_net>
Date: Thu Jan 05 2006 - 21:42:38 CST

The quoted section doesn't unconditionally prohibit anything. It simply
prohibits certain types of development environments unless proper
precuations are taken. I'm sure we could all agree that this would apply to
any 3rd-generation programming language whose high-level features (such as
dynamic memory allocation, reflection, weak typing, etc.) -- which provide
such great flexibility in modern business environments -- must also be
handled properly for high-security environments.

I don't at all read it as saying unconditionally such languages cannot be
used. Rather, such languages cannot be used unless such exploits have been
explicitly prevented at the application level. Makes sense; and, indeed,
applies to most -- if not all -- modern programming languages.

-- Scott

On 1/5/06, David Jefferson <d_jefferson@yahoo.com> wrote:
>
> I am not facile with Python. But my reading of these lines is that they
> require strong typing, including bounds checked arrays and strings, and
> disciplined object references (e.g. Java). Also, my personal
> interpretation is that whatever the main body of code is writen in, there
> cannot be a *second* level of interpretation, i.e. Python and Java would
> be OK by me as primary languages even though they are interpreted, as long
> as there were not another level of interpretation of some other language.
> But, of course, I am not an ITA.
> And if it were up to me these lines would seem to preclude C, because of
> the confusion between integers and pointers in that language does not allow
> any strong way of controlling pointer references; but I doubt the ITAs
> interpret it that way, or enforce it.
>
> David
>
>
>
> On Jan 5, 2006, at 7:52 PM, charlie strauss wrote:
>
>
>
> -----Original Message-----
>
> From: David Jefferson <d_jefferson@yahoo.com>
> The prohibition on interpreted code is in section 4.2.2 of the 2002
> FEC standards.
>
> 4.2.2 Software Integrity
> Where the development environment (programming language and
> development tools)
> includes the following features, the software shall provide controls
> to prevent accidental or deliberate attempts to replace executable code:
> Unbounded arrays or strings (includes buffers used to move data);
> Pointer variables; and
> Dynamic memory allocation and management.
>
>

_______________________________________________
OVC-discuss mailing list
OVC-discuss@listman.sonic.net
http://lists.sonic.net/mailman/listinfo/ovc-discuss

==================================================================
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
==================================================================
Received on Mon Jan 8 20:24:35 2007

This archive was generated by hypermail 2.1.8 : Mon Jan 08 2007 - 20:24:39 CST