From: Stephen Frost on
* David Fetter (david(a)fetter.org) wrote:
> That is *precisely* the business we need to be in, at least for the
> languages we ship, and it would behoove us to test languages we don't
> ship so we can warn people when they don't pass.

k, let's start with something simpler first tho- I'm sure we can pull in
the glibc regression tests and run them too. You know, just in case
there's a bug there, somewhere.

Thanks,

Stephen

From: David Fetter on
On Fri, May 21, 2010 at 01:45:45PM -0400, Stephen Frost wrote:
> * David Fetter (david(a)fetter.org) wrote:
> > That is *precisely* the business we need to be in, at least for the
> > languages we ship, and it would behoove us to test languages we don't
> > ship so we can warn people when they don't pass.
>
> k, let's start with something simpler first tho- I'm sure we can pull in
> the glibc regression tests and run them too. You know, just in case
> there's a bug there, somewhere.

That's a pretty pure straw man argument. I expect much higher quality
trolling. D-.

Cheers,
David.
--
David Fetter <david(a)fetter.org> http://fetter.org/
Phone: +1 415 235 3778 AIM: dfetter666 Yahoo!: dfetter
Skype: davidfetter XMPP: david.fetter(a)gmail.com
iCal: webcal://www.tripit.com/feed/ical/people/david74/tripit.ics

Remember to vote!
Consider donating to Postgres: http://www.postgresql.org/about/donate

--
Sent via pgsql-hackers mailing list (pgsql-hackers(a)postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

From: Florian Pflug on
On May 21, 2010, at 18:26 , Stephen Frost wrote:
> * David Fetter (david(a)fetter.org) wrote:
>> These need to be testable conditions, and new tests need to get added
>> any time we find that we've missed something. Making this concept
>> fuzzier is exactly the wrong direction to go.
>
> I'm really not sure that we want to be in the business of writing a ton
> of regression tests to see if languages which claim to be trusted really
> are..


Well, testing software security via regression tests certainly sounds intriguing. But unfortunately, it's also impossible AFAICS - it'd amount to testing for the *absence* of features, which seems hard...

I suggest the following definition of "trusted PL".
"While potentially preventing excruciating pain, saving tons of sweat and allowing code reuse, actually adds nothing in terms of features over pl/pgsql".

best regards,
Florian Pflug



From: Stephen Frost on
* David Fetter (david(a)fetter.org) wrote:
> On Fri, May 21, 2010 at 01:45:45PM -0400, Stephen Frost wrote:
> > k, let's start with something simpler first tho- I'm sure we can pull in
> > the glibc regression tests and run them too. You know, just in case
> > there's a bug there, somewhere.
>
> That's a pretty pure straw man argument. I expect much higher quality
> trolling. D-.

Sorry, but seriously, at some point we have to expect that the tools we
use will behave according to their claims and their documentation, at
least until proven otherwise. I don't like that it means we may end up
having to issue CVEs when there are issues in things we use, but I
don't think that means we shouldn't use other libraries or we should
spend a lot of time working on validating those tools. Presumably, they
have communities who do that.

As an example, consider the zlib issue that happened not too long ago
and the subsequent many CVEs that came of it. We could have reviewed
zlib better and possibly found that bug, but I don't know that it would
be the best use of our rather limited resources. Additionally, trying
to go into other code bases like that to do that kind of detailed review
would necessarily be much more difficult for those who are not familiar
with it. etc, etc...

Stephen

From: Tom Lane on
David Fetter <david(a)fetter.org> writes:
> On Fri, May 21, 2010 at 12:26:24PM -0400, Stephen Frost wrote:
>> I'm really not sure that we want to be in the business of writing a
>> ton of regression tests to see if languages which claim to be
>> trusted really are..

> That is *precisely* the business we need to be in, at least for the
> languages we ship, and it would behoove us to test languages we don't
> ship so we can warn people when they don't pass.

I can't see us writing an AI-complete set of tests for each language
we ship, let alone ones we don't. Testing can prove the presence of
bugs, not their absence --- and that applies in spades to security
holes.

regards, tom lane
