MLewis via devel writes:
> Is it worthwhile improving the current C code to a 'hardened' programming
> standard?
It's always worth trying, but not as easy as it seems. The fun with standards is that there are so many to choose from.

> Example
> - Joint Strike Fighter standards https://www.stroustrup.com/JSF-AV-rules.pdf
> - NASA JPL standards
> https://andrewbanks.com/wp-content/uploads/2019/07/JPL_Coding_Standard_C.pdf
> - MISRA https://misra.org.uk/LinkClick.aspx?fileticket=vfArSqzP1d0%3d&tabid=57

https://wiki.sei.cmu.edu/confluence/display/c

> What effort would be required for 'hardening'?

You'd check a lot of the things that in other languages the compiler would do and do it all over again when anything changes. This is a good strategy for things that can be exhaustively tested and never change after implementation.

The only other successful strategy I've seen for C specifically is to break down the functionality into the smallest possible parts (to minimize the domain over which you need to ensure correctness) and use the smallest possible set of external dependencies, then enforce that these parts can only communicate in the way they were designed. Wherever you get external input you'd also need to go to a zero-trust architecture. The one shining example of that I can point to is qmail, and even that had an RCE reported against it just last year (or again, after the same spot was reported and left unfixed since 2005). In fact that same sort of overflow error is/was present in other DJB software when and if he thought that it was either impossible or at least highly improbable (to the point of having no practicality) that anybody would throw enough data at the program for the error to trigger. It's a good reminder that 20 years of Moore's "law" pretty much obliterates all such assumptions.

Regards,
Achim.
--
+<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+
Waldorf MIDI Implementation & additional documentation:
http://Synth.Stromeko.net/Downloads.html#WaldorfDocs
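The "nobody will ever send that much data" assumption Achim describes is, in its general form, a size counter that is allowed to wrap. The following is an added illustration written for this page; it is not code from the thread, from qmail or from any DJB software, and the `hardened_buf` type and the `naive_fits`/`checked_fits`/`hardened_append` helpers are hypothetical names chosen here. It shows a length check that silently passes once the counter wraps next to the same check done with an explicit overflow guard and a caller-chosen hard ceiling, which is the kind of rule a hardened C standard would make mandatory at every place external input is accumulated.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Naive check: `total + n` is computed in a fixed-width counter and only
 * then compared against the limit. Once the sum wraps, the check passes
 * although the real total is far beyond the ceiling. Unsigned arithmetic is
 * used here so the wrap is well-defined and can be demonstrated. */
bool naive_fits(uint32_t total, uint32_t n, uint32_t limit) {
    return (uint32_t)(total + n) <= limit;
}

/* Hardened check: refuse the addition itself when it cannot be represented,
 * then compare against the ceiling. No assumption about how much data a
 * peer is "realistically" willing to send is needed. */
bool checked_fits(uint32_t total, uint32_t n, uint32_t limit) {
    if (n > UINT32_MAX - total) return false;   /* sum would wrap */
    return total + n <= limit;
}

/* Hypothetical accumulator for externally supplied bytes. `limit` is a hard
 * ceiling the caller chooses; `len` and `cap` are size_t so the arithmetic
 * below is checked against SIZE_MAX rather than an implicit int. */
typedef struct {
    char  *buf;
    size_t len;    /* bytes currently stored */
    size_t cap;    /* bytes allocated */
    size_t limit;  /* maximum value `len` may ever reach */
} hardened_buf;

/* Appends `n` bytes. Returns false, leaving the buffer untouched, when the
 * size arithmetic would wrap, when the ceiling would be exceeded, or when
 * allocation fails. */
bool hardened_append(hardened_buf *b, const char *data, size_t n) {
    if (n == 0) return true;
    if (n > SIZE_MAX - b->len) return false;    /* len + n would wrap */
    size_t need = b->len + n;
    if (need > b->limit) return false;          /* explicit ceiling */

    if (need > b->cap) {
        /* Grow geometrically, but never past the ceiling and never by a
         * multiplication that could itself wrap. */
        size_t newcap = (need > SIZE_MAX / 2) ? b->limit : need * 2;
        if (newcap > b->limit) newcap = b->limit;
        char *p = realloc(b->buf, newcap);
        if (p == NULL) return false;
        b->buf = p;
        b->cap = newcap;
    }
    memcpy(b->buf + b->len, data, n);
    b->len = need;
    return true;
}

int main(void) {
    /* Constructed inputs: a counter sitting just below the wrap point. */
    uint32_t near_wrap = 0xFFFFFFF0u;
    bool naive = naive_fits(near_wrap, 0x20u, 1000u);     /* wraps to 16: true */
    bool checked = checked_fits(near_wrap, 0x20u, 1000u); /* rejected: false */

    hardened_buf b = {0};
    b.limit = 16;
    hardened_append(&b, "hello", 5);            /* accepted, len 5 */
    hardened_append(&b, "0123456789ab", 12);    /* refused, 17 > 16 */
    free(b.buf);
    return (naive && !checked) ? 0 : 1;
}
```

Both checks cost one comparison; the difference is purely which one the coding standard forces the reviewer to look for. The ceiling in `hardened_buf` is what turns "enough data to trigger the error" from a question about attacker patience into a fixed number the program rejects at.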