Hi, On Mon, 21 Apr 2014, Ronald F. Guilmette wrote: > > In message <53546795.9050304@quietfountain.com>, > "hcoin" <hcoin@quietfountain.com> wrote: > >> ... It is for the community to decide whether it is 'worth it' >> on a case by case basis given there is no way to prove a program >> 'correct' from a security perspective. > > I guess that I was sick that day in software school. > > Did I just hear you tell me that I can't prove the following program > is "secure"? > > > int > main (void) > { > return 0; > } in an ideal world you could propably. The difficulty ist that even above seemingly trival snippet of code is run after initialization of the c runtime library and some pre processing of argc, argv. It gets more complex with c++ contstructors run before main. If gets even more complex the more software components interact in wierd and wonderfull ways. Greetings Christian -- Christian Kratzer CK Software GmbH Email: ck@cksoft.de Wildberger Weg 24/2 Phone: +49 7032 893 997 - 0 D-71126 Gaeufelden Fax: +49 7032 893 997 - 9 HRB 245288, Amtsgericht Stuttgart Mobile: +49 171 1947 843 Geschaeftsfuehrer: Christian Kratzer Web: http://www.cksoft.de/ _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"