[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CVE-2017-14482 - Red Hat Customer Portal

From: Mario Castelán Castro
Subject: Re: CVE-2017-14482 - Red Hat Customer Portal
Date: Mon, 25 Sep 2017 20:43:39 -0500
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.3.0

On 25/09/17 16:49, Emanuel Berg wrote:
> Mario Castelán Castro wrote:
>> This is the prevalent attitude among
>> programmers
> Perhaps because it makes sense? It is known as
> "conventional wisdom".
>> we are showered by an endless stream of
>> security patches and bug fixes.
> Yes, and what is the problem with that?

Obviously each such fix is evidence that a security vulnerability or
another defect existed in the first place. A shower of fixes means that
bugs are extremely prevalent in software. Otherwise it would have been
impossible to sustain this tremendous bug discovery rate for years
(check any web front end to the CVE database for details).

Thus it is clear that the mainstream approach to writing software is
failing to delivers reliable software. That is why we have the need for
an alternative. Among all possible approaches, *only* formal testing has
the possibility of virtually eliminating software defects.

Note that errors in the model of the environment (as in the paper
previously mentioned in this conversation) are not a *consequence* of
formal verification. This is just a symptom, and moreover it is routine
in non-formally verified software (i.e.: the developers make assumptions
about the environment that will not always be met).

For example, in Linux[1] they use the -fno-strict-pointer-aliasing
compiler flag which is just a way to shove under the rug the problem of
some incorrect assumptions they make about the semantics of C. This is
an error of the implicit model of the environment. It is not stated in
formal logic, but it is an error nonetheless.

Formal verification provide a solution for this problem: If the low
level software that makes up the environment for high level software has
a formal specification, then the possibility of errors in the model of
the environment can be eliminated by using the pre-existing formal model
of the environment.

[1] I mean Linux, the *kernel* used in GNU/Linux and other OS.

Do not eat animals; respect them as you respect people.

Attachment: signature.asc
Description: OpenPGP digital signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]