C considered harmful: was Debian attacker may have used new exploit

Henry Spencer henry-lqW1N6Cllo0sV2N9l4h3zg at public.gmane.org
Fri Dec 5 01:20:56 UTC 2003


On Thu, 4 Dec 2003, Peter Hiscocks wrote:
> Dynamic code generation (program writes code then jumps to it) sounds like a
> really useful facility for virus writers, trojan horses and worms. In what
> circumstance is it necessary to have that capability?

It's highly desirable in cases where performance is critical and there are
too many different cases to just include one of each in a precompiled
binary.  The classic example is Rob Pike's dynamically-compiled
implementation of RasterOp -- operations on one-bit-deep frame buffers --
where the number of cases is the product of a dozen different variables
each with several values.  Similar things can be done for applications
like network routing. 

Similarly, it's heavily used for implementing languages whose full
generality must be interpretive, but for which special cases can be
identified at run time and compiled into hard code.

> Isn't it much safer to have a rigid demarcation between code generation and
> code execution?

Safer, but less powerful.

                                                          Henry Spencer
                                                       henry-lqW1N6Cllo0sV2N9l4h3zg at public.gmane.org

--
The Toronto Linux Users Group.      Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml





More information about the Legacy mailing list