Spec#, nullables and more
Daniel Gibson
metalcaedes at gmail.com
Fri Nov 26 19:39:07 PST 2010
Rainer Deyke schrieb:
> On 11/26/2010 10:28, Bruno Medeiros wrote:
>> Yes, Walter's statement that it is impossible for a null pointer to
>> cause a security vulnerability is (likely) incorrect.
>> But his point at large, considering the discussion that preceded the
>> comment, was that null pointers are utterly insignificant with regards
>> to security vulnerabilities.
>
> I really hate this way of thinking. Security vulnerabilities are binary
> - either they exist or they don't. Every security vulnerability seems
> minor until it is exploited.
>
> Yes, some security vulnerabilities are more likely to be exploited than
> others. But instead of rationalizing about how significant each
> individual security vulnerability is, isn't it better to just fix all of
> them?
>
> (I know, I'm a hopeless idealist.)
>
Of course you should fix all of them, but the (sensible) language level support
to prevent them may vary.
e.g. buffer overflows are a huge problem, so D has builtin index checking for
arrays and such.
Null Pointer dereference exploits are - as far as I know - only relevant in
kernel code and if mmaping to NULL is possible. So it's probably not a common
problem in D code and people who write code that may be affected can take care
themselves.
Cheers,
- Daniel
More information about the Digitalmars-d
mailing list