Firewall Wizards mailing list archives
Re: FWTK and smap/smapd
From: Joseph S D Yao <jsdy () center osis gov>
Date: Fri, 19 Jul 2002 01:08:43 -0400
On Thu, Jul 18, 2002 at 05:46:38PM -0400, Marcus J. Ranum wrote:
> Joseph S D Yao wrote:
> > However, my major contribution to the consolidated patch - besides removing a lot of bugs - was to put in a lot of comments. "It is obvious" that very little code is self-explanatory. ;-)
>
> Security critical code shouldn't be commented. :) It should either be sufficiently obvious or the auditor should be sufficiently skilled that comments aren't needed -- besides they just serve as distractions. :) If you don't have comments, your comments and your code are never in disagreement!!! :)
That attitude was kind of obvious throughout FWTK, if you don't mind my saying so. ;-) But so were some errors, once I wrote down what the code "should be" [IMHO] doing.

Here's a shocker: ALL CODE IS CORRECT! Why do I say that? Because all code does what it says it does!

But "it is obvious" to us that some code is incorrect - that is, it doesn't do ... something. What is that something? It is what the code "should be" doing. This is culled from the RFCs, from the desires of the Elders, from the contract given us by Those Who Pay Our Bills. And I write this up in the commentary, and set it next to the code.

NOW, we have something that could be incorrect! It could be incorrect, because the individual documented actions inside the function do not do what the commentary at the beginning of the function says that it does - the algorithm is incorrect. Or, it could be incorrect because the code next to the commentary inside the function does not do what that function says - the algorithm is correct, but the implementation is wrong. Or, it could be incorrect because the possible allowed inputs are much more broad than the correctly implemented algorithm can correctly handle - the interface is wrong, perhaps causing buffer overflows. It can be incorrect, in short, because now there can be an internal contradiction between one expression of the program - the commentary - and another - the code.

This is a gross oversimplification of a much more complex taxonomy of errors, but I hope that I have caused you to consider that without commentary providing what you might call the specifications or design, or the social contract between the programmer and the user, there is nothing against which you can hold a piece of code and say, "THIS IS WRONG!" Code is amoral; it has an inherently situational ethic, such that even the grossest of buffer overflows can only lead us to conclude that the code does it, therefore the code does it.
We must provide and communicate the moral absolutes against which the code is measured right or wrong. And we can communicate this on dead trees, or in living commentary. Eh? ;-)

-- 
Joe Yao jsdy () center osis gov - Joseph S. D. Yao
OSIS Center Systems Support EMT-B
-----------------------------------------------------------------------
This message is not an official statement of OSIS Center policies.

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards