C considered harmful: was Debian attacker may have used new exploit

Tim Writer tim-s/rLXaiAEBtBDgjK7y7TUQ at public.gmane.org
Fri Dec 5 00:48:12 UTC 2003


Jing Su <jingsu-26n5VD7DAF2Tm46uYYfjYg at public.gmane.org> writes:

> > Dynamic code generation (program writes code then jumps to it) sounds like a
> > really useful facility for virus writers, trojan horses and worms. In what
> > circumstance is it necessary to have that capability?
> 
> Dynamic run-time optimization.  Hot field of research (though I know
> nothing about it).

That's one area.  Decent LISP environments often blur the distinction between
interpreted code, byte compiled code (to be executed by a virtual machine),
and compiled code (i.e. machine language).  Such environments allow you to
integrate interpreted code with compiled code as well as compiling (with
varying levels of optimization) individual functions.  I'm sure other
languages have similar environments.  These tools can really enhance
productivity as they facilitate rapid development by eliminating the
compile/link/run cycle without sacrificing performance.  And they tend to
have great debugging facilities.

Of course, you arguably don't need these facilities in "production code".  So
it wouldn't be too onerous to restrict this ability (to compile and execute
code on-the-fly) to specific, privileged binaries via capabilities.

-- 
tim writer <tim-s/rLXaiAEBtBDgjK7y7TUQ at public.gmane.org>                                  starnix inc.
905.771.0017 ext. 225                           thornhill, ontario, canada
http://www.starnix.com              professional linux services & products
--
The Toronto Linux Users Group.      Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml





More information about the Legacy mailing list