User: Password:
|
|
Subscribe / Log in / New account

New GNU Hurd, Mach, and MIG releases

New GNU Hurd, Mach, and MIG releases

Posted Oct 1, 2013 9:10 UTC (Tue) by HelloWorld (guest, #56129)
In reply to: New GNU Hurd, Mach, and MIG releases by drag
Parent article: New GNU Hurd, Mach, and MIG releases

I think the problem with microkernels is that nowadays the same benefits can be achieved with memory-safe programming languages. I think that Rust, which incidentally had its 0.8 release just a few days ago, is a prime candidate for this kind of programming.


(Log in to post comments)

New GNU Hurd, Mach, and MIG releases

Posted Oct 1, 2013 14:12 UTC (Tue) by drag (subscriber, #31333) [Link]

It would be nice.

New GNU Hurd, Mach, and MIG releases

Posted Oct 1, 2013 16:47 UTC (Tue) by nix (subscriber, #2304) [Link]

I think the problem with microkernels is that nowadays the same benefits can be achieved with memory-safe programming languages.
That was, I believe, the hyped-up promise of the Java security model. It doesn't really seem to have worked all that well...

New GNU Hurd, Mach, and MIG releases

Posted Oct 1, 2013 21:52 UTC (Tue) by HelloWorld (guest, #56129) [Link]

Most of Java's security issues are related either to unsafe code called via JNI or to JVM bugs concerning malicious class files. The first class of bugs of course also applies to C programs since C doesn't even try to be memory-safe. The second class of bugs is irrelevant for a kernel, because if you have the right to load code into the kernel the system is compromised anyway. So yes, Java programs are a lot more secure than C programs, occasional bugs notwithstanding.

New GNU Hurd, Mach, and MIG releases

Posted Oct 1, 2013 23:44 UTC (Tue) by wahern (subscriber, #37304) [Link]

How do you go from describing the origin of bugs in Java-the-language-implementation to arguing that Java programs have fewer bugs than C programs?

PHP is "safer" than C in the same regards. Would you also argue that PHP programs tend to be safer and have fewer bugs than C programs?

I'm not at all sure that Java programs tend to be safer than C programs in 2013. Buffer overflows and stack smashing are pre-eminent in the C world precisely because many other classes of exploitable bugs are less prevalent, for many different reasons--engineer experience, typical usages, etc. C also tends to get more CVE reports precisely because historically has predominated in large, widely used programs that are under the microscope.

I'm not saying that Java programs are less secure. Maybe they're more secure. But the type of memory corruption possible with C is but one factor, and the potential for the same kind of corruption exists in all languages when executed on commodity hardware. And advances in mitigation techniques has narrowed the gap substantially in terms of the susceptibility to exploitable memory corruption.

New GNU Hurd, Mach, and MIG releases

Posted Oct 1, 2013 23:45 UTC (Tue) by wahern (subscriber, #37304) [Link]

I meant, "that Java programs have fewer security bugs (i.e. are 'safer') than C programs".

New GNU Hurd, Mach, and MIG releases

Posted Oct 2, 2013 1:00 UTC (Wed) by Cyberax (✭ supporter ✭, #52523) [Link]

PHP programs are in general far more secure than C-based ones. However, PHP itself is horrible for web development.


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds