Vulnerability Development: Re: Delphi and buffer overflows

[André Gil <andregil () di fct unl pt>]

Well, actually stating that something is secure because is compiled with 
Delphi or whatever other compiler is used I think is a really dangerous.
What about race conditions? What about stuff like if x < 10 then (and what 
will happen if x for some reason is under 0 and that was never thought off 
while developing and reviewing?).
What about not using least privilege?

Well I guess you get the point. Stating something like that is just weird 
and dangerous.
André

----- Original Message ----- 
From: "Gadi Evron" <ge () linuxbox org>
To: <Valdis.Kletnieks () vt edu>
Cc: <Majid2k () SourceForge net>; <vuln-dev () securityfocus com>
Sent: Wednesday, April 05, 2006 2:52 AM
Subject: Re: Delphi and buffer overflows


> Valdis.Kletnieks () vt edu wrote:
> > On Sat, 01 Apr 2006 12:46:06 GMT, Majid2k () SourceForge net said:
> >
> > > All Programs compiled in Delphi are secure
> >
> > Explain. Do tell.  How does a language manage to be Turing-complete and
> > at the same time provably secure?  (Hint - Turing-complete includes the
> > possibility of a program infinite looping, so at the very least, there's
> > the possibility of a loop causing a DoS attack....)
> >
> > Or did Delphi use some different definition of "secure"?
> Valdis, I tend to like Delphi and agree with the guy, but you are 100% 
> correct.
> That is because [especially] in the world of security the following words 
> should be banned: all, every, never, etc.
> I bet that if you put a backdoor into a program written in Delphi it will 
> no longer be 100% secure, right? That may be a bit of immature nitpicking, 
> but really..