I work for a Fortune 100 company in the telecom space. They are absolutely dirtying their shorts over security concerns. They haven't had any major fallout yet, but they figure it's inevitable. They have been flying in experts to tell us all how to write safer C code.

Having witnessed several such 1- to 3-day tirades on how to write safer C code, I think I can summate 99% of the issue as: "make sure you don't over-run any buffers". This is because almost all of the "exploits" that don't involve walking in through an open door involve pushing executable code into an over-written buffer.

I've been thinking it over, and I can't for the life of me think of a way to over-run a buffer in Ruby.

Is this the same as thinking one is safe from viruses because he's driving a Macintosh, or is Ruby (and any other duck-typed and garbage collected, etc. etc. language) automatically much safer by default?

Asking the same question in a different way, does Ruby have any similar "Achilles heel" that one has to be careful of to avoid providing the hackers out there with "exploits aplenty"?
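The post's central claim is that a buffer cannot be over-run in Ruby. The following is an added example, not code from the original post, that puts the C-style "copy into a fixed-size buffer without checking the length" pattern into Ruby and shows what the runtime does with it: `String#setbyte` past the end raises `IndexError` instead of writing into whatever lies beyond the buffer, and `Array#[]=` past the end simply grows the array. The helper names (`make_buffer`, `fixed_buffer_copy`, `safe_copy_result`, `array_write_past_end`) are hypothetical and chosen for this demonstration; the bounded variant at the end is the explicit length check the C experts in the post are asking for, written in Ruby.

```ruby
# Added example (not part of the original post). Helper names are
# hypothetical; the input strings below are constructed for the demo.

# A "fixed-size buffer": a String preallocated to `size` NUL bytes.
def make_buffer(size)
  "\0" * size
end

# Copy `data` into `buf` byte by byte with no up-front length check,
# the way a naive C loop would. In C the writes continue past the end
# of the array and clobber adjacent memory; in Ruby, String#setbyte
# with an index >= bytesize raises IndexError and nothing outside the
# String object is touched.
def fixed_buffer_copy(buf, data)
  data.each_byte.with_index do |b, i|
    buf.setbyte(i, b) # IndexError once i reaches buf.bytesize
  end
  buf
end

# Attempt the unchecked copy and report how the runtime handled it:
# [:ok, buffer] when the data fits, [:rejected, nil] when Ruby refused
# the out-of-range write.
def safe_copy_result(size, data)
  buf = make_buffer(size)
  fixed_buffer_copy(buf, data)
  [:ok, buf]
rescue IndexError
  [:rejected, nil]
end

# The same idea for Array: writing at an index beyond the current
# length does not corrupt anything; the Array grows and the gap is
# filled with nil.
def array_write_past_end(size, index, value)
  arr = Array.new(size, 0)
  arr[index] = value
  { length: arr.length, gap_is_nil: arr[size...index].all?(&:nil?) }
end

# The check the C training recommends, expressed in Ruby: compare
# lengths before copying and refuse input that does not fit.
def bounded_copy(buf, data)
  raise ArgumentError, "input exceeds buffer" if data.bytesize > buf.bytesize
  fixed_buffer_copy(buf, data)
end

if __FILE__ == $PROGRAM_NAME
  p safe_copy_result(8, "hello")       # [:ok, "hello\0\0\0"]
  p safe_copy_result(4, "overflow!")   # [:rejected, nil]
  p array_write_past_end(4, 10, 1)     # {:length=>11, :gap_is_nil=>true}
end
```

The point the example makes is narrow: the runtime enforces the bounds that a C programmer has to enforce by hand, so the specific class of bug the post describes (writing executable bytes past the end of an array) does not arise. It says nothing about other classes of mistakes, which is what the post's closing question is about.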