I wish I understood this better. Regarding buffer overflows, I don't
understand why you don't just fix the bugs. Even with Windows and
50,000,000 lines of code with the resources they have MS ought to be
able to find all the gets() statements and just fix them. Instead some
time ago I heard that MS was looking to hardware solutions, putting
buffers in one area of memory with some kind of protection, and code
into another. It sounded really kludgey to me. Now this article is
again talking about hardware solutions. Encrypting instructions and
doubling the execution time sounds really horrible. Scientific
programmers would have a fit. BTW, although the experiments in this
article were carried out on Linux, I don't see why the same techniques
wouldn't work for any OS. As I say, they don't involve fixing *bugs*.
But obviously I'm not understanding something.
I always had the notion that when you design a user interface, you
design it so that it will accept *arbitrary* input and respond
gracefully and appropriately. But then I must be old-fashioned.
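Added example, not part of the original post: a bounded line reader in C showing what fixing one `gets()` call involves so that input of any length is handled without writing past the buffer. The names `read_line_bounded` and `line_status` are hypothetical, and the sample input is constructed.

```c
#include <stdio.h>

enum line_status { LINE_OK, LINE_TRUNCATED, LINE_EOF };  /* hypothetical names */

/*
 * Bounded replacement for:   char buf[16]; gets(buf);
 * gets() takes no size, so a longer line is written past the end of buf.
 * Here at most cap-1 bytes are stored, and the rest of an overlong line is
 * consumed and dropped so the next call starts on a fresh line.
 */
enum line_status read_line_bounded(FILE *in, char *buf, size_t cap)
{
    size_t n = 0;
    int c, truncated = 0;

    if (cap == 0)
        return LINE_EOF;                 /* nowhere to store even the terminator */
    while ((c = fgetc(in)) != EOF && c != '\n') {
        if (n + 1 < cap)
            buf[n++] = (char)c;          /* always leaves room for '\0' */
        else
            truncated = 1;               /* keep reading, stop storing */
    }
    buf[n] = '\0';
    if (c == EOF && n == 0 && !truncated)
        return LINE_EOF;
    return truncated ? LINE_TRUNCATED : LINE_OK;
}

int main(void)
{
    /* Constructed sample input: a short line, an overlong line, a final line. */
    FILE *in = tmpfile();
    char name[16];
    enum line_status st;

    if (in == NULL)
        return 1;
    fputs("alice\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nbob\n", in);
    rewind(in);
    while ((st = read_line_bounded(in, name, sizeof name)) != LINE_EOF)
        printf("%-9s \"%s\"\n", st == LINE_OK ? "accepted" : "rejected", name);
    fclose(in);
    return 0;
}
```

The caller decides what to do with `LINE_TRUNCATED` (reject, re-prompt, or log); the reader only guarantees that the buffer is never overrun and that the stream stays aligned on line boundaries.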