I work for a fortune 100 company in the telecom space. They are absolutely dirtying their shorts over security concerns. They haven't had any major fallout yet, but they figure it's inevitable. They have been flying in experts to tell us all how to write safer C code. Having witnessed several such 1 to 3 day tirades on how to write safer C code, I think I can summate 99% of the issue as: "make sure you don't over-run any buffers". This is because almost all of the "exploits" that don't involve walking in through an open door involve pushing executable code into an over-written buffer. I've been thinking it over, and I can't for the life of me think of a way to over-run a buffer in Ruby. Is this the same as thinking one is safe from viruses because he's driving a Macintosh, or is Ruby (and any other ducktyped and garbage collected, etc. etc. language) automatically much safer by default? Asking the same question in a different way, does Ruby have any similar "Achilles heel" that one has to be careful of to avoid providing the hackers out there with "exploits 'aplenty"? thanks, jp
on 2006-06-01 08:06
on 2006-06-01 10:37
On 6/1/06, Ruby <email@example.com> wrote (about buffer overflows): > Asking the same question in a different way, does Ruby > have any similar "Achilles heel" that one has to be careful > of to avoid providing the hackers out there with "exploits > 'aplenty"? No. The normal stuff about avoiding injection effects and being careful with evaluating external code holds, of course - yet those are common in all languages. The only thing is that it might be more tempting to evaluate external code in Ruby, since it's so easy to create small Domain Specific Languages. Eivind.
on 2006-06-01 11:54
This is called type-safety. The basic idea is you can only operate the data with operations specified by the data type. There is no pointer type but object reference, which you can't manipulate as an integer. The other basic idea is your code always branches to specified code entry point, rather than a random position of a buffer. I think Ruby holds true with these properties. The problem is more than safety, but also security, which is hard to control at language level. Ruby has concept of Safe levels and Tainted objects to isolate the potential dangers. This would be good enough to protect your system. The execution of external code itself doesn't really bring much more risks, as you already did with Applet or Flash or Ajax. Thanks, xiaofeng