Spec#, nullables and more

Bruno Medeiros brunodomedeiros+spam at com.gmail
Mon Nov 29 08:57:13 PST 2010


On 27/11/2010 03:29, Rainer Deyke wrote:
> On 11/26/2010 10:28, Bruno Medeiros wrote:
>> Yes, Walter's statement that it is impossible for a null pointer to
>> cause a security vulnerability is (likely) incorrect.
>> But his point at large, considering the discussion that preceded the
>> comment, was that null pointers are utterly insignificant with regards
>> to security vulnerabilities.
>
> I really hate this way of thinking.  Security vulnerabilities are binary
> - either they exist or they don't.  Every security vulnerability seems
> minor until it is exploited.
>
> Yes, some security vulnerabilities are more likely to be exploited than
> others.  But instead of rationalizing about how significant each
> individual security vulnerability is, isn't it better to just fix all of
> them?
>
> (I know, I'm a hopeless idealist.)
>
>

You missed the point. The point wasn't that a vulnerability caused by a 
null pointer access was less serious or significant than a vulnerability 
caused by a buffer overrun. Once a vulnerability exists, it should be 
fixed regardless, yes.
The point was that if you have a null pointer access *bug*, that bug is 
incredibly less likely to create a *vulnerability* than a buffer overrun 
*bug*. Note that "creating a vulnerability" means "making it *possible* 
to exploit the program", it does not mean "someone actually exploiting 
the vulnerability".

-- 
Bruno Medeiros - Software Engineer

