@safe and null dereferencing

Jonathan M Davis via Digitalmars-d digitalmars-d at puremagic.com
Thu Jul 27 16:43:11 PDT 2017


On Thursday, July 27, 2017 13:48:51 H. S. Teoh via Digitalmars-d wrote:
> On Thu, Jul 27, 2017 at 07:50:52PM +0000, Moritz Maxeiner via Digitalmars-d wrote:
> > On Thursday, 27 July 2017 at 18:46:16 UTC, Jonathan M Davis wrote:
> [...]
>
> > > I see no problem whatsoever requiring that the platform segfaults
> > > when you dereference null. Anything even vaguely modern will do
> > > that. Adding extra null checks is therefore redundant and
> > > complicates the compiler for no gain whatsoever.
> >
> > Except that when someone gets (root) access to any modern Linux
> > servers running D services he now has an easy way to create a denial
> > of service attack the owner of the server won't easily be able to find
> > the cause of, because pretty much everything *looks* right, except
> > that somehow the D services hang.
>
> If someone malicious has root access to your server, you already have
> much bigger things to worry about than D services hanging. :-D

Agreed. And Safe D has never made any promises about denial of service
attacks and whatnot, let alone preventing things going wrong if someone has
root access. If you don't want segfaulting to open a window for someone to
hit you with a DoS attack, then don't dereference null pointers, and if you
don't want someone to do nasty things to your server that would require them
to be root, then do the appropriate things to protect your machine so that
they don't have root. We can _always_ find ways that a badly written program
can have issues with DoS attacks or have trouble if someone malicious has
access to the machine that it's running on. @safe is about guaranteeing
memory safety, not about stopping people from screwing you over when you
write bad code or fail to protect your computer from attacks.

- Jonathan M Davis
