Re: Script codes

From: David Jefferson <d_jefferson_at_yahoo_dot_com>
Date: Thu Jan 05 2006 - 20:34:20 CST

The data stored on Diebold removable memory cards is straight data,
not "objects" in the OO sense.

The prohibition on interpreted code is in section 4.2.2 of the 2002
FEC standards.

4.2.2 Software Integrity
Self-modifying, dynamically loaded, or interpreted code is
prohibited, except under the
security provisions outlined in section 6.4.e. This prohibition is to
ensure that the
software tested and approved during the qualification process remains
unchanged and
retains its integrity. External modification of code during execution
shall be prohibited.
Where the development environment (programming language and
development tools)
includes the following features, the software shall provide controls
to prevent
accidental or deliberate attempts to replace executable code:
Unbounded arrays or strings (includes buffers used to move data);
Pointer variables; and
Dynamic memory allocation and management.

David

On Jan 5, 2006, at 12:30 PM, charlie strauss wrote:

> I'm sure you have seen the latest bulliten from Bev Harris, quoting
> Jim March.
> (personally I was a tad dissappointed she elevated the physical
> access and limited Eprom Attack to the same plateau as the general
> purpose Hursti attack on the diebold systems. It lowers the
> importance of the Hursti attack. But she does have a small point
> of sorts)
>
> In any case the Diebold attack was based on "interpreted" code
> being allowed on the vote cards. That's something I expect is
> becoming ubiquitous since object oreinted data storage lends itself
> to that.
>
>
> She has said interpreted code is not allowed (in the past pointing
> to other places it is found, like font files). Is this really
> true? Where is this prohibition.
>
> And how does that suit OVC which uses python (or accupol which uses
> Java). Is it just a limitation to specific places script codes can
> be found?
>
>
>
> _______________________________________________
> OVC-discuss mailing list
> OVC-discuss@listman.sonic.net
> http://lists.sonic.net/mailman/listinfo/ovc-discuss

_______________________________________________
OVC-discuss mailing list
OVC-discuss@listman.sonic.net
http://lists.sonic.net/mailman/listinfo/ovc-discuss

==================================================================
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
==================================================================
Received on Mon Jan 8 20:24:38 2007

This archive was generated by hypermail 2.1.8 : Mon Jan 08 2007 - 20:24:39 CST