


Vulnerability Development: Re: Delphi and buffer overflows

Re: Delphi and buffer overflows

From: André Gil <andregil_at_di.fct.unl.pt>
Date: Sun, 9 Apr 2006 01:52:45 +0100

Well, actually stating that something is secure because it is compiled with
Delphi or whatever other compiler is used is, I think, really dangerous.

What about race conditions? What about stuff like if x < 10 then (and what
will happen if x for some reason is under 0 and that was never thought of
while developing and reviewing?).

What about not using least privilege?

Well I guess you get the point. Stating something like that is just weird
and dangerous.

André

----- Original Message -----
From: "Gadi Evron" <ge_at_linuxbox.org>
To: <Valdis.Kletnieks_at_vt.edu>
Cc: <Majid2k_at_SourceForge.net>; <vuln-dev_at_securityfocus.com>
Sent: Wednesday, April 05, 2006 2:52 AM
Subject: Re: Delphi and buffer overflows

> Valdis.Kletnieks_at_vt.edu wrote:
>> On Sat, 01 Apr 2006 12:46:06 GMT, Majid2k_at_SourceForge.net said:
>>
>>>All Programs compiled in Delphi are secure
>>
>>
>> Explain. Do tell. How does a language manage to be Turing-complete and
>> at the same time provably secure? (Hint - Turing-complete includes the
>> possibility of a program infinite looping, so at the very least, there's
>> the possibility of a loop causing a DoS attack....)
>>
>> Or did Delphi use some different definition of "secure"?
>
> Valdis, I tend to like Delphi and agree with the guy, but you are 100%
> correct.
>
> That is because [especially] in the world of security the following words
> should be banned: all, every, never, etc.
>
> I bet that if you put a backdoor into a program written in Delphi it will
> no longer be 100% secure, right? That may be a bit of immature nitpicking,
> but really..
>
Received on Apr 08 2006
