[pro] Heartbleed?

William Lederer william.lederer at gmail.com
Tue Apr 29 02:23:03 UTC 2014 

Regarding why programmers don't write libraries in common lisp (ignoring
what seems to be a screaming terror of the parenthetical, functional world)
is that cryptography must be fast, and it must not leak timing information.

A final word here--I spend my days auditing and pen testing programs
written in managed languages: C# and Java. None of the errors that bring
down systems and lead to breaches in these languages result from bounds
checking or buffer overflow issues. None of them are subject to the same
kinds of flaws C exposes as evidenced by heartbleed. Nonetheless, there are
vulnerabilities.

And I am sure that all remember the vulnerability exposed in Ycombinator
which is written in Lisp. Simply writing your stuff in Lisp is not enough.

wglb


On Mon, Apr 28, 2014 at 5:40 PM, Pascal J. Bourguignon <
pjb at informatimago.com> wrote:

> William Lederer <william.lederer at gmail.com> writes:
>
> > Regarding the question
> >
> > What would you personally fly, software written in C or software
> > written in Common Lisp?
> >
> > In the reality of today's fly-by-wire, the modern planes you fly in
> > are likely to have C in some critical component. Ada is likely there
> > as well.
> >
> > But let's just examine a few software related disasters to see if
> > they are attributable to programming language:
> >
> >     Ariane 5 rocket explosion: from the official report: This loss of
> >     information was due to specification and design errors in the
> >     software of the inertial reference system.
> >     Mars Climate Orbiter: one system used metric units, another used
> >     English
> >     Therac 5: improper understanding of multi-tasking code
> >     Heartbleed: Overly complex protocol combined with being able to
> >     read beyond allocated memory
> >
> > Of these, only heartbleed can credit language as a contributing
> > factor.
>
> Not at all.
>
>
>   * Programmed in Common Lisp, either the fixnum in the Ariane 5 would have
>     been converted into a bignum, or an condition would have been
>     signaled, which could have been handled.  This would have taken
>     time, which could perhaps have "exploded" the real time constraints,
>     but it is better to control your rocket slughishly than not to
>     control it at all.
>
>   * Programmed in Common Lisp, instead of using raw numbers of physical
>     magnitudes, you'd use objects such as:
>
>       (+ #<kilometer/hour 5.42>  #<foot/fortnight 12857953.0> )
>       --> #<meter/second 4.7455556>
>
>     and Mars Climate Orbiter wouldn't have crashed.
>
>   * Programmed in Common Lisp, the Therac-5 bug wouldn't have occured:
>
>       "The defect was as follows: a one-byte counter in a testing
>        routine frequently overflowed; if an operator provided manual
>        input to the machine at the precise moment that this counter
>        overflowed, the interlock would fail."
>
>     since again, incrementing a counter doesn't fucking overflow in
>     lisp!
>
>   * Programmed in Common Lisp, heartbleed wouldn't have occured, because
>     lisp implementors provide array bound checks, and lisp programmers
>     are conscious enough to run always with (safety 3), as previously
>     discussed in this thread.
>
>
> What I'm saying is that there's a mind set out-there, of using modular
> arithmetic to approximate arithmetic blindly.  Until you will be able to
> pay $1.29 for 3 kg of apples @ $2.99, people should not program with
> modular arithmetic!
>
>
> > And I again point out a software non-disaster qmail, whose author
> > offered a bug bounty. Secure programs can be written in C.
>
> postfix too is architectured to deal with security.
>
> You can also write secure software on a Turing Machine.
>
>
>
> > And if the flight safety of an aircraft depended upon the current
> > Lisp version of Ironclad's impenetrability, we would be in trouble.
>
> This is another question, that of the resources invested in a software
> ecosystem, and that of programming language mind share.   Why the
> cryptographists don't write their libraries in Common Lisp and choose to
> produce piles of C instead?
>
>
> --
> __Pascal Bourguignon__
> http://www.informatimago.com/
> "Le mercure monte ?  C'est le moment d'acheter !"
>
>
>
> _______________________________________________
> pro mailing list
> pro at common-lisp.net
> http://common-lisp.net/cgi-bin/mailman/listinfo/pro
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mailman.common-lisp.net/pipermail/pro/attachments/20140428/f5f99128/attachment.html>

More information about the pro mailing list