Is it time for secure C?

Dan Pop

In said:
> One point of a secure C standard would be to minimize instances of
> *dangerous* undefined behavior, not necessarily to eliminate all
> undefined behavior.

I'd use the word "gratuitous" instead of "dangerous", as the C standard
doesn't distinguish between dangerous undefined behaviour and innocuous
undefined behaviour. Invoke undefined behaviour only when you *need* to
do so.

Dan
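Dan's distinction between gratuitous and unavoidable undefined behaviour, shown in working C as an added example that is not part of the thread: a "does it fit?" check written in signed `int` arithmetic overflows (undefined behaviour) for large inputs for no reason at all, while the same check written in `size_t` arithmetic, and a bounded append routine built on it, never leave defined behaviour. The function names (`fits_gratuitous`, `fits_defined`, `bounded_len`, `append_bounded`, `demo_append`) and the sample buffer are constructed for this illustration.

```c
#include <assert.h>
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/*
 * Gratuitous undefined behaviour: the "does it fit?" test is written with
 * int arithmetic, so `used + need + 1` overflows (UB) for large inputs.
 * A compiler is entitled to assume the overflow never happens and to
 * simplify or drop the comparison, so the check cannot be relied on.
 * Kept here only for contrast; nothing below calls it.
 */
static int fits_gratuitous(int used, int need, int cap) {
    return used + need + 1 <= cap;    /* UB when used + need + 1 > INT_MAX */
}

/*
 * The same test with no undefined behaviour at all: size_t arithmetic is
 * well-defined (it wraps modulo 2^N), and the subtraction is guarded so it
 * cannot wrap in the first place. Returns 1 if `need` bytes plus a NUL
 * terminator fit after `used` bytes in a buffer of `cap` bytes.
 */
static int fits_defined(size_t used, size_t need, size_t cap) {
    if (used >= cap)
        return 0;                      /* no room even for the terminator */
    return need <= cap - used - 1;     /* cap - used - 1 cannot wrap: used < cap */
}

/* Length of `s`, never reading more than `cap` bytes (a portable strnlen). */
static size_t bounded_len(const char *s, size_t cap) {
    size_t n = 0;
    while (n < cap && s[n] != '\0')
        n++;
    return n;
}

/*
 * Append `src` to the NUL-terminated string in `dst`, whose capacity is
 * `cap` bytes. Returns 1 on success, 0 if the result would not fit; on
 * failure `dst` is left unchanged. Every access stays inside the buffer.
 */
int append_bounded(char *dst, size_t cap, const char *src) {
    size_t used = bounded_len(dst, cap);
    size_t need = strlen(src);
    if (used == cap)                   /* dst is not terminated within cap: refuse */
        return 0;
    if (!fits_defined(used, need, cap))
        return 0;
    memcpy(dst + used, src, need + 1); /* need + 1 copies the terminator too */
    return 1;
}

/*
 * Walks a constructed 8-byte buffer through three appends: one that fits,
 * one that must be rejected and must leave the buffer untouched, and one
 * that fills the buffer exactly. Returns 1 if every step behaved as stated.
 */
int demo_append(void) {
    char buf[8] = "ab";                            /* constructed sample buffer */
    if (append_bounded(buf, sizeof buf, "cde") != 1) return 0;   /* "abcde" */
    if (strcmp(buf, "abcde") != 0) return 0;
    if (append_bounded(buf, sizeof buf, "fgh") != 0) return 0;   /* needs 9 bytes */
    if (strcmp(buf, "abcde") != 0) return 0;                     /* unchanged */
    if (append_bounded(buf, sizeof buf, "fg") != 1) return 0;    /* exactly 8 bytes */
    return strcmp(buf, "abcdefg") == 0;
}

int main(void) {
    assert(demo_append() == 1);
    assert(fits_defined(SIZE_MAX, 1, 16) == 0);    /* no wraparound surprise */
    (void)fits_gratuitous;                         /* referenced only for contrast */
    return 0;
}
```

The point is not that `size_t` is magic: unsigned wraparound is perfectly capable of producing a wrong answer too, which is why `fits_defined` guards the subtraction instead of relying on wrapping. What it buys is that the compiler has to compile the comparison that was written, so the check is at least the one the programmer reasoned about.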
 
Dan Pop

In said:
> This is not true of the NT line. It was designed with security in mind,
> right from the start.

It is true of the NT line, too, because security concerns have been
overridden by backward compatibility concerns. So, although the NT
kernel itself is quite secure and well designed, other layers of the OS,
running with enough privileges to cause all kinds of problems, crashes
included, aren't.

Dan
 
Guillaume

Dan Pop said:
> It is true of the NT line, too, because security concerns have been
> overridden by backward compatibility concerns. So, although the NT
> kernel itself is quite secure and well designed, other layers of the OS,
> running with enough privileges to cause all kinds of problems, crashes
> included, aren't.

Care to give some precise examples?
 
Joe Wright

Dan said:
> It is true of the NT line, too, because security concerns have been
> overridden by backward compatibility concerns. So, although the NT
> kernel itself is quite secure and well designed, other layers of the OS,
> running with enough privileges to cause all kinds of problems, crashes
> included, aren't.

How might one make a judgement on the NT kernel relative to its
design? What data is at hand as to its security? How might one
determine that it is well designed?
 
Old Wolf

Guillaume said:
> One major difference is that Windows NT was not a real multi-user
> OS like the Un*x have been for decades. And Windows 2003 still
> pales in comparison with a Un*x-like in terms of multi-user
> support and security.

I'm not so sure. Windows security features seem to be a superset of
common Unix ones. Or are you talking about the out-of-the-box
permission settings?

> One very good example is Google. It has been tremendously effective.
> We can even say that it's a rare example in the IT world. When's
> the last time you wanted to use Google and it was unavailable, or
> buggy?

Google Groups had a problem a few weeks ago, where no messages updated
for a few days (and a few times, new messages would appear and then
disappear again).

> I haven't seen that. It has never happened. For the record,
> Google uses over 100,000 servers all over the world, and they all
> run under Linux flavors. Something that obviously cannot be ignored.

Google uses a thing where if one node goes down then everything else
works around it so the appearance to the end user is seamless. So you
can't infer from this that all its machines are bug-free and reliable etc.
 
Richard Bos

Guillaume said:
> Care to give some precise examples?

Yes. Microsoft Word has repeatedly crashed Microsoft Windows XP when I
was watching. No other programs running. Both, you'll notice, Microsoft
products. Not hearsay; not rumour; my own experience.
This should _not_ be possible. That some application crashes is bad
enough; that Microsoft's own application was able to take their entire
OS with it is unacceptable.
Oh, and: Sasser. Yet _another_ buffer overflow bug, in the very latest
version of Windows, which was not even present in earlier versions like
'98. They _never_ learn.

Richard
 
Dan Pop

In said:
> Care to give some precise examples?

Those who did a code review of the NT implementation found practically
no problems in the kernel, but plenty of problems at the Win32
implementation level. Sorry, it's been a long time since I've read
about it and I can't be any more specific.

Dan
 
Mark McIntyre

Guillaume said:
> Care to give some precise examples?

Richard Bos said:
> Yes. Microsoft Word has repeatedly crashed Microsoft Windows XP when I
> was watching. No other programs running. Both, you'll notice, Microsoft
> products. Not hearsay; not rumour; my own experience.

Can you guys take this anti-MS discussion out of CLC? And you might like to
take with you the comment that I've managed to panic the linux and Solaris
kernels before now with badly written 3rd party software, so this is not a
"feature" of NT.

If you want a *really* secure OS, you know where to find VMS....
 
Harti Brandt

On Wed, 14 Jul 2004, Mark McIntyre wrote:

MM>On Wed, 14 Jul 2004 06:32:16 GMT, in comp.lang.c ,
MM>[email protected] (Richard Bos) wrote:
MM>
MM>>Guillaume <"grsNOSPAM at NOTTHATmail dot com"> wrote:
MM>>
MM>>> > It is true of the NT line, too, because security concerns have been
MM>>> > overridden by backward compatibility concerns. So, although the NT
MM>>> > kernel itself is quite secure and well designed, other layers of the OS,
MM>>> > running with enough privileges to cause all kinds of problems, crashes
MM>>> > included, aren't.
MM>>>
MM>>> Care to give some precise examples?
MM>>
MM>>Yes. Microsoft Word has repeatedly crashed Microsoft Windows XP when I
MM>>was watching. No other programs running. Both, you'll notice, Microsoft
MM>>products. Not hearsay; not rumour; my own experience.
MM>
MM>Can you guys take this anti-MS discussion out of CLC. And you might like to
MM>take with you the comment that I've managed to panic the linux and Solaris
MM>kernels before now with badly written 3rd party software, so this is not a
MM>"feature" of NT.
MM>
MM>If you want a *really* secure os, you know where to find VMS....

But: WNT == VMS++ so NT should be even securer :)

harti
 
