I work for a Fortune 100 company in the telecom space. They are
absolutely dirtying their shorts over security concerns. They haven't
had any major fallout yet, but they figure it's inevitable. They have
been flying in experts to tell us all how to write safer C code.
Having witnessed several such 1- to 3-day tirades on how to write safer C
code, I think I can summate 99% of the issue as:
"make sure you don't over-run any buffers". This is because almost all
of the "exploits" that don't involve walking in through an open door
involve pushing executable code into an over-written buffer.
I've been thinking it over, and I can't for the life of me think of a
way to over-run a buffer in Ruby.
Is this the same as thinking one is safe from viruses because he's
driving a Macintosh, or is Ruby (and any other duck-typed and garbage
collected, etc. etc. language) automatically much safer by default?
Asking the same question in a different way, does Ruby have any similar
"Achilles heel" that one has to be careful of to avoid providing the
hackers out there with "exploits 'aplenty"?
On 6/1/06, Ruby <baby_ruby@web.de> wrote (about buffer overflows):
Asking the same question in a different way, does Ruby
have any similar "Achilles heel" that one has to be careful
of to avoid providing the hackers out there with "exploits
'aplenty"?
No.
The normal stuff about avoiding injection effects and being careful
with evaluating external code holds, of course - yet those are common
in all languages. The only thing is that it might be more tempting to
evaluate external code in Ruby, since it's so easy to create small
Domain Specific Languages.
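As an added example (not from anyone in this thread), here is the "tempting to evaluate external code" point made concrete with a toy rule DSL: the same rule text handled by instance_eval, where anything that is valid Ruby runs, and by a strict parser that accepts only the expected grammar. The class and method names are invented for the illustration.

```ruby
# Constructed example: a tiny rule DSL such as  limit 100, per: :minute
# Ruby has no buffer overflows, but handing external text to eval or
# instance_eval turns the text into arbitrary code execution.

RuleError = Class.new(ArgumentError)

# Unsafe: the rule text is executed as Ruby with the rule set as self.
class EvalRuleSet
  attr_reader :rules

  def initialize
    @rules = []
  end

  def limit(count, per:)
    @rules << { limit: count, per: per }
  end

  def self.parse(text)
    set = new
    set.instance_eval(text) # any Ruby in `text` runs here, not just rules
    set.rules
  end
end

# Safer: only the expected grammar is accepted; everything else raises.
class StrictRuleSet
  UNITS = %w[second minute hour day].freeze
  RULE = /\A\s*limit\s+(\d{1,9})\s*,\s*per:\s*:(#{UNITS.join('|')})\s*\z/

  def self.parse(text)
    text.each_line.reject { |l| l.strip.empty? }.map do |line|
      m = RULE.match(line) or raise RuleError, "rejected rule: #{line.strip.inspect}"
      { limit: m[1].to_i, per: m[2].to_sym }
    end
  end
end

if __FILE__ == $PROGRAM_NAME
  text = "limit 10 * 10, per: :minute" # arithmetic: code, not a rule
  p EvalRuleSet.parse(text)            # evaluates it: limit becomes 100
  begin
    StrictRuleSet.parse(text)
  rescue RuleError => e
    puts e.message                     # strict parser rejects it
  end
end
```

Note that the safe levels and tainted objects mentioned later in this thread no longer exist in current Ruby (taint checking was deprecated in 2.7 and removed in 3.2, $SAFE was dropped in 3.0), so restricting the grammar, as above, is the control that remains.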
This is called type safety. The basic idea is that you can only operate on
the data with operations specified by the data type. There is no pointer
type, only object references, which you can't manipulate as an integer.
The other basic idea is that your code always branches to a specified code
entry point, rather than to a random position in a buffer. I think Ruby
holds true to these properties.
The problem is not only safety but also security, which is hard to
control at the language level. Ruby has the concepts of Safe levels and Tainted
objects to isolate the potential dangers. This would be good enough to
protect your system. The execution of external code itself doesn't
really bring much more risk, as you already do with Applets or Flash
or Ajax.
Thanks,
xiaofeng