Comment by drvdevd

8 years ago

But - I can't think of a single language in which using it "wrong" might not lead to info leaks? Any language with a runtime has to manage memory somehow at the runtime layer and so similar leaks can occur there depending upon design and implementation, and the wider OS context.

At the whole program/application level, when you create your own data structures, you can find lots of ways to leak them to the world.

2 comments

drvdevd

Reply
alkonaut  8 years ago

No one calls C#, JavaScript and Python memory unsafe because their runtimes are implemented in C. Nor do I expect CF to not use Linux or Nginx because they are written in C. We have to live with C but I expect everyone who does anything safety or security critical to do everything they can to minimize the amount code that is susceptible to this class of bug.

Using a runtime with a safe language on top is a perfectly good example of doing that.

Logic errors causing leaks will always be a threat, but we shouldn't be leaking because of pointer arithmetic problems in custom C code. Not 2017.

  • pjmlp  8 years ago

    Regarding C#, the plan is to increasingly move C++ code to C#, now that they have Roslyn and .NET Native.