LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Still more nonsense...

Still more nonsense...

Posted Nov 21, 2011 4:30 UTC (Mon) by Cyberax (✭ supporter ✭, #52523)
In reply to: Still more nonsense... by khim
Parent article: Interview with Andrew Tanenbaum (LinuxFr.org)

Oh, Chrome has been broken multiple times.

http://www.zdnet.com/blog/hardware/google-chrome-pwned-on... - this is a complete pwnage.

'Page local' exploits are even more numerous.

So your best case shows that MEMORY PROTECTION WITH UNMANAGED LANGUAGES IS NOT SECURE and can not be made so with any rational amount of investment. There are literally no large enough unmanaged systems without buffer exploit vulnerabilities.

(Log in to post comments)

Define large enough...

Posted Nov 21, 2011 7:34 UTC (Mon) by khim (subscriber, #9252) [Link]

There are literally no large enough unmanaged systems without buffer exploit vulnerabilities.

And the same is true for managed systems. But security is not binary. Number of successful exploits against JVM and .NET dwarfs the number of successful exploits against memory-managed systems.

So your best case shows that MEMORY PROTECTION WITH UNMANAGED LANGUAGES IS NOT SECURE

No, my best case shows that you can make it secure enough that break-ins will make the news. JVM and .NET-based break-ins are just accepted as "fact of life", even if they make the news they are reported as "oh, well, yet another vulnerability is found and fixed in XXX product". Often they don't make the news at all. If your idea of improving security is to replace poorly behaving system with utterly broken system then I'm glad you are not working here.

Define large enough...

Posted Nov 21, 2011 7:49 UTC (Mon) by Cyberax (✭ supporter ✭, #52523) [Link]

Yup. Most (note this!) current implementations of VMs are written in unreliable unmanaged languages so they are not secure. And I wouldn't expect them to be.

To have a secure system you need your hardware to enforce safety. That can be done with the help of architectures with TAL (Typed Assembly Languages) which Azul system essentially is.

In this way you can build the system using safe languages from ground up. And small unsafe parts can be audited to hell and back.

Ah, that again...

Posted Nov 21, 2011 8:21 UTC (Mon) by khim (subscriber, #9252) [Link]

To have a secure system you need your hardware to enforce safety. That can be done with the help of architectures with TAL (Typed Assembly Languages) which Azul system essentially is.

Well, Azul hardware systems will be interesting exhibits in Computer History Museum (next to Intel iAPX 432 and LISP machines), I'll grant you that, but I fail to see how these museum pieces are relevant to the discussion.

Still more nonsense...

Posted Dec 5, 2011 19:07 UTC (Mon) by cmccabe (guest, #60281) [Link]

It looks like that bug was not a Chrome bug, but an Adobe Flash bug.

See http://www.reddit.com/r/netsec/comments/h9vax/is_the_vupe...

> "As usual, security journalists don't bother to fact check. VUPEN
> misunderstood how sandboxing worked in chrome, and only had a flash bug."
> - Tavis Ormandy, Information Security Engineer at Google - via
> http://twitter.com/taviso

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds