Subject: Re: FreSSH
To: Nathan J. Williams <nathanw@wasabisystems.com>
From: Aidan Cully <aidan@kublai.com>
List: current-users
Date: 03/08/2002 06:14:06
On Fri, Mar 08, 2002 at 12:45:02AM -0500, Nathan J. Williams wrote:
> jnemeth@victoria.tc.ca (John Nemeth) writes:
> 
> >      When you consider all the squawking that the OpenBSD crowd does
> > about why their code is so secure because they audit it amongst other
> > things, I want it to not have the bugs.  SSH is an extremely important
> > security related application.  It shouldn't have security holes.
> 
> I'm always stunned that people can write what they consider to be
> security-important code in a language with as many safety pitfalls as
> C. While [Open]SSH has had a handful of logic vulnerabilities, there
> have also been quite a few bounds-check vulnerabilities of the kind
> that language designers have known how to avoid for nearly thirty
> years.

Dare I ask, what possible solution do you see to this problem?  NetBSD
wants to support as many target environments as it can, and sometimes
that means targeting a "lowest common denominator" when implementing
some features.  gcc exists ~everywhere, but (correct me if I'm wrong)
doesn't offer any support for "safe" languages.  We could use an
EXEC_JAVA type thing to run byte-codes in a cross-platform way, but if
you don't use JIT compilation, performance will be really abysmal, and
the JIT can't be written in a cross-platform way.  Is it reasonable to
expect one for a VAX?  Or do we want to say that vaxen can't run ssh?
Or is there a compiler for a safe language that exists for all of our
platforms?

--aidan
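The bounds-check bug class Nathan refers to, shown concretely. This is an added example, not code from the thread or from any SSH implementation: it decodes an SSH-style "string" field (a big-endian uint32 length followed by that many bytes) first the way C lets you, trusting the peer's length, and then with the length validated against both the bytes actually present and the destination buffer. The function names and the three sample packets are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Big-endian uint32, the length prefix an SSH "string" field carries. */
static uint32_t get_u32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/*
 * Unchecked decoder: copies however many bytes the peer says.
 * If len exceeds the bytes left in 'in' this over-reads the packet;
 * if it exceeds the size of 'out' it writes past the buffer.
 * The compiler will not object to either.
 */
size_t read_string_unchecked(const unsigned char *in, char *out)
{
    uint32_t len = get_u32(in);
    memcpy(out, in + 4, len);
    out[len] = '\0';
    return len;
}

/*
 * Checked decoder: the peer-supplied length is validated against the
 * packet bytes actually present and against the destination before any
 * copy happens. Returns 0 on success, -1 on a malformed or oversized field.
 */
int read_string_checked(const unsigned char *in, size_t inlen,
                        char *out, size_t outlen, size_t *consumed)
{
    if (inlen < 4)
        return -1;                  /* no room for the length prefix */
    uint32_t len = get_u32(in);
    if (len > inlen - 4)
        return -1;                  /* claims more bytes than the packet holds */
    if (len >= outlen)
        return -1;                  /* would not fit with the terminating NUL */
    memcpy(out, in + 4, len);
    out[len] = '\0';
    *consumed = 4 + (size_t)len;
    return 0;
}

/* Constructed sample fields (not captured traffic). */
static const unsigned char benign[]    = { 0, 0, 0, 5, 'h', 'e', 'l', 'l', 'o' };
/* Claims 4096 bytes but carries only 2: would over-read the packet. */
static const unsigned char oversized[] = { 0, 0, 0x10, 0, 'A', 'B' };
/* 12 bytes really present, but more than an 8-byte destination can hold. */
static const unsigned char toolong[]   = { 0, 0, 0, 12, 'a', 'a', 'a', 'a', 'a', 'a',
                                           'a', 'a', 'a', 'a', 'a', 'a' };

/* 1 if the checked decoder accepts the benign field with the right contents. */
int checked_accepts_benign(void)
{
    char buf[16];
    size_t used = 0;
    return read_string_checked(benign, sizeof benign, buf, sizeof buf, &used) == 0
        && used == 9 && strcmp(buf, "hello") == 0;
}

/* 1 if the checked decoder rejects both hostile fields. */
int checked_rejects_hostile(void)
{
    char buf[8];
    size_t used = 0;
    return read_string_checked(oversized, sizeof oversized, buf, sizeof buf, &used) == -1
        && read_string_checked(toolong, sizeof toolong, buf, sizeof buf, &used) == -1;
}

int main(void)
{
    char buf[16];
    /* The unchecked decoder is only ever run on the benign field here;
       feeding it 'oversized' or 'toolong' would be undefined behaviour. */
    printf("unchecked, benign: %zu bytes -> \"%s\"\n",
           read_string_unchecked(benign, buf), buf);
    printf("checked accepts benign: %d\n", checked_accepts_benign());
    printf("checked rejects hostile: %d\n", checked_rejects_hostile());
    return 0;
}
```

The two rejections are separate checks because they guard different buffers: `len > inlen - 4` protects the packet being read, `len >= outlen` protects the destination being written. The `inlen < 4` test is what makes `inlen - 4` safe to compute on an unsigned type; omitting it turns a short packet into a huge remaining length.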