Re: Script codes

From: Scott Brown <scott_at_rsbrown_dot_net>
Date: Thu Jan 05 2006 - 21:02:42 CST

Not necessarily. My guess is that this clause is in place to try to avoid
the "buffer overrun" type of exploit various servers have been victims of in
recent years. The features mentioned are found in virtually every modern
programming language. My reading of this is simply that any software that's
vulnerable to these types of attacks must take explicit steps to prevent
them.

-- Scott

On 1/5/06, charlie strauss <cems@earthlink.net> wrote:
>
>
>
> -----Original Message-----
> >From: David Jefferson <d_jefferson@yahoo.com>
> >The prohibition on interpreted code is in section 4.2.2 of the 2002
> >FEC standards.
> >
> >4.2.2 Software Integrity
> >Where the development environment (programming language and
> >development tools)
> >includes the following features, the software shall provide controls
> >to prevent accidental or deliberate attempts to replace executable code:
> > Unbounded arrays or strings (includes buffers used to move data);
> > Pointer variables; and
> > Dynamic memory allocation and management.
>
>
>
> Yikes. in addition to the prohibition on dynamically linked code, the last
> three items would seem to exclude Python would they not?
>
>
> _______________________________________________
> OVC-discuss mailing list
> OVC-discuss@listman.sonic.net
> http://lists.sonic.net/mailman/listinfo/ovc-discuss
>

_______________________________________________
OVC-discuss mailing list
OVC-discuss@listman.sonic.net
http://lists.sonic.net/mailman/listinfo/ovc-discuss

==================================================================
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
==================================================================
Received on Mon Jan 8 20:24:38 2007

This archive was generated by hypermail 2.1.8 : Mon Jan 08 2007 - 20:24:39 CST