Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
Re: Delphi and buffer overflows
From: André Gil (andregildi.fct.unl.pt)
Date: Sat Apr 08 2006 - 19:52:45 CDT
Well, actually stating that something is secure because is compiled with
Delphi or whatever other compiler is used I think is a really dangerous.
What about race conditions? What about stuff like if x < 10 then (and what
will happen if x for some reason is under 0 and that was never thought off
while developing and reviewing?).
What about not using least privilege?
Well I guess you get the point. Stating something like that is just weird
----- Original Message -----
From: "Gadi Evron" <gelinuxbox.org>
Cc: <Majid2kSourceForge.net>; <vuln-devsecurityfocus.com>
Sent: Wednesday, April 05, 2006 2:52 AM
Subject: Re: Delphi and buffer overflows
> Valdis.Kletnieksvt.edu wrote:
>> On Sat, 01 Apr 2006 12:46:06 GMT, Majid2kSourceForge.net said:
>>>All Programs compiled in Delphi are secure
>> Explain. Do tell. How does a language manage to be Turing-complete and
>> at the same time provably secure? (Hint - Turing-complete includes the
>> possibility of a program infinite looping, so at the very least, there's
>> the possibility of a loop causing a DoS attack....)
>> Or did Delphi use some different definition of "secure"?
> Valdis, I tend to like Delphi and agree with the guy, but you are 100%
> That is because [especially] in the world of security the following words
> should be banned: all, every, never, etc.
> I bet that if you put a backdoor into a program written in Delphi it will
> no longer be 100% secure, right? That may be a bit of immature nitpicking,
> but really..