On 2007-12-22 12:06, Brian Hansen wrote:
> Hi.
>
> I address this issue on this list, because a lot of people here are very
> skillful C programmers.
>
> When looking at some of the different "reasons for security problems" such
> as:
> http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/
>
> I can't help wondering why so much software is being developed using C.
>
> To conclude my study I appreciate any help on the following questions:
>
> 1. If security is a major concern, or perhaps The Main Concern, why not use
> Ada? I specifically mention Ada since one of the most security demanding
> industries is building aircraft and they use Ada.

I'm not very familiar with Ada, so I do not know if it allows for the same
kinds of low-level programming (which is necessary when writing an OS or
code that interacts with hardware) that C does.

> 2. Rather than auditing a lot of code, correcting a lot of coding mistakes,
> like the OpenBSD security team has done, and still does, why not shift from C
> to something just as fast and powerful as C, but more secure? Again like
> Ada (to completely avoid the possibilities of those errors).

The speed of C comes, among other things, from the lack of security checks
and from allowing potentially unsafe operations. Again, I do not know Ada,
so I do not know how it achieves its high level of safety, but I would think
that runtime checks are part of it.

> 3. Are there any real benefits in using C++ over C regarding security? Is
> C++ really "better" from a security perspective?

C++ is not inherently safer than C (in fact much C code is also valid C++),
but there are a number of mechanisms in C++ that make some kinds of
constructs easier/more convenient. But there is nothing that can be done in
C++ that can not be done or emulated in C.

What C++ does offer with its more extensive OO support is to make it easier
to encapsulate potentially unsafe operations and constructs in higher-level
objects. By making sure that those objects never perform any unsafe actions
you eliminate some low-hanging fruit (one of the most common security
problems comes from too small string buffers; by using string classes
instead the user does not have to concern him/herself with such things). Of
course such encapsulation is not free and there are both speed and memory
considerations.

Having said that, you should be aware that most of the tougher security
issues are language independent; even code written in C# and similar
languages can have security issues.

-- 
Erik Wikström
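The "too small string buffer" point in the answer to question 3, shown in code. This is an added example and not code from either poster: a C-style fixed buffer where every caller must get the length check right, the same copy done with std::string, and a small class that encapsulates a hard capacity limit so the overflowing write cannot be performed through the object at all. The buffer size, the BoundedString class name and the inputs are constructed for illustration.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstring>
#include <string>

// Constructed fixed buffer size, typical of C code.
constexpr std::size_t kBufSize = 16;

// C style: the destination has a fixed size and every caller has to check
// the length. Dropping the check and calling strcpy() here is the classic
// "too small string buffer" overflow.
bool c_style_copy(char dst[kBufSize], const char* src) {
    std::size_t n = std::strlen(src);
    if (n >= kBufSize) {
        return false;  // refuse; strcpy() would write past the end of dst
    }
    std::memcpy(dst, src, n + 1);  // n + 1 also copies the terminating NUL
    return true;
}

// C++ style: std::string owns and grows its own storage, so the length
// handling lives inside the class instead of in every caller.
std::string cpp_style_copy(const char* src) {
    return std::string(src);
}

// Encapsulation of a bounded buffer (hypothetical class): when a hard limit
// really is wanted, e.g. a fixed-width protocol field, wrap it in an object
// whose only mutating operation enforces the bound. Callers cannot forget
// the check because they never touch the raw storage.
class BoundedString {
public:
    explicit BoundedString(std::size_t capacity) : cap_(capacity) {}

    // Returns false instead of overflowing when the result would exceed the
    // capacity; the stored data is left unchanged in that case.
    bool append(const char* s) {
        std::size_t n = std::strlen(s);
        // size() never exceeds cap_, so this subtraction cannot underflow.
        if (n > cap_ - data_.size()) {
            return false;
        }
        data_.append(s, n);
        return true;
    }

    const std::string& str() const { return data_; }
    std::size_t size() const { return data_.size(); }
    std::size_t capacity() const { return cap_; }

private:
    std::size_t cap_;
    std::string data_;
};

int main() {
    char buf[kBufSize];
    const char* ok = "short";
    const char* bad = "this input is far too long for the buffer";  // constructed

    bool r1 = c_style_copy(buf, ok);
    std::printf("c_style_copy(ok): %d -> \"%s\"\n", r1, buf);
    bool r2 = c_style_copy(buf, bad);
    std::printf("c_style_copy(bad): %d (buffer still \"%s\")\n", r2, buf);
    std::printf("cpp_style_copy(bad).size(): %zu\n", cpp_style_copy(bad).size());

    BoundedString b(8);
    bool a1 = b.append("abc");
    bool a2 = b.append("defgh");
    bool a3 = b.append("i");
    std::printf("BoundedString appends: %d %d %d -> \"%s\"\n",
                a1, a2, a3, b.str().c_str());
    return 0;
}
```

The C-style function only stays safe because someone remembered the `n >= kBufSize` test; the std::string version has no such test to forget, and BoundedString moves the check into the one place writes can happen. The cost the answer mentions is visible too: std::string allocates on the heap, and BoundedString carries the capacity and the string object alongside the data.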