From: André Gil (andregildi.fct.unl.pt)
Date: Sat Apr 08 2006 - 19:52:45 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Well, actually stating that something is secure because is compiled with
Delphi or whatever other compiler is used I think is a really dangerous.

What about race conditions? What about stuff like if x < 10 then (and what
will happen if x for some reason is under 0 and that was never thought off
while developing and reviewing?).

What about not using least privilege?

Well I guess you get the point. Stating something like that is just weird
and dangerous.

André

----- Original Message -----
From: "Gadi Evron" <gelinuxbox.org>
To: <Valdis.Kletnieksvt.edu>
Cc: <Majid2kSourceForge.net>; <vuln-devsecurityfocus.com>
Sent: Wednesday, April 05, 2006 2:52 AM
Subject: Re: Delphi and buffer overflows

> Valdis.Kletnieksvt.edu wrote:
>> On Sat, 01 Apr 2006 12:46:06 GMT, Majid2kSourceForge.net said:
>>
>>>All Programs compiled in Delphi are secure
>>
>>
>> Explain. Do tell. How does a language manage to be Turing-complete and
>> at the same time provably secure? (Hint - Turing-complete includes the
>> possibility of a program infinite looping, so at the very least, there's
>> the possibility of a loop causing a DoS attack....)
>>
>> Or did Delphi use some different definition of "secure"?
>
> Valdis, I tend to like Delphi and agree with the guy, but you are 100%
> correct.
>
> That is because [especially] in the world of security the following words
> should be banned: all, every, never, etc.
>
> I bet that if you put a backdoor into a program written in Delphi it will
> no longer be 100% secure, right? That may be a bit of immature nitpicking,
> but really..
>

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]