Thread: OS API and Security

  1. 10-13-2011 #1
    iceaway
    iceaway is offline
    Registered User
    Join Date
    Sep 2011
    Location
    Stockholm, Sweden
    Posts
    131

    OS API and Security

    Quote Originally Posted by CommonTater View Post
    Yeah secrecy is part of it... Same concept as in C++ ... publishing interfaces but not giving out source for the implementation.
    Drifting a bit far off-topic here (moderators feel free to split it into a new thread), but I'm interested in the secrecy thing. Could you elaborate a bit on how the secrecy of the implementation matters (except for hiding bugs)? I am (as you probably could guess) thinking about Linux, where everything is open source, yet it's a very secure operating system (if set up correctly).

    Moderator note: this was split from Can I access the members of FILE struct for a file that been opened with fopen()?.
    Last edited by laserlight; 10-13-2011 at 04:17 AM.
  2. 10-13-2011 #2
    laserlight
    laserlight is offline
    C++ Witch laserlight's Avatar
    Join Date
    Oct 2003
    Location
    Singapore
    Posts
    28,413
    Quote Originally Posted by iceaway
    Could you elaborate a bit on how the secrecy of the implementation matters (except for hiding bugs)?
    The security provided by keeping an implementation secret is just an afterthought: it should not be relied on, similiar to how knowing the workings of a good cryptosystem should not allow the attacker to break the encryption.
    Quote Originally Posted by Bjarne Stroustrup (2000-10-14)
    I get maybe two dozen requests for help with some sort of programming or design problem every day. Most have more sense than to send me hundreds of lines of code. If they do, I ask them to find the smallest example that exhibits the problem and send me that. Mostly, they then find the error themselves. "Finding the smallest program that demonstrates the error" is a powerful debugging tool.
    Look up a C++ Reference and learn How To Ask Questions The Smart Way
  3. 10-13-2011 #3
    manasij7479
    manasij7479 is offline
    [](){}(); manasij7479's Avatar
    Join Date
    Feb 2011
    Location
    *nullptr
    Posts
    2,657
    Quote Originally Posted by laserlight View Post
    .... it should not be relied on ....
    And that is why(aside from user stupidity); I believe, so many viruses..and all of its progeny exist!!
  4. 10-13-2011 #4
    Codeplug
    Codeplug is offline
    Registered User Codeplug's Avatar
    Join Date
    Mar 2003
    Posts
    4,981
    A good read on the subject: Open vs. Closed - ACM Queue

    gg
    How to Ask Questions The Smart Way
    How to Report Bugs Effectively
    The Only Correct Indent Style
« Previous Thread | Next Thread »
Popular pages Recent additions subscribe to a feed

Similar Threads

  1. /tmp/ and security
    By Epy in forum Linux Programming
    Replies: 4
    Last Post: 05-05-2010, 05:36 AM
  2. Security
    By 3saul in forum Linux Programming
    Replies: 1
    Last Post: 06-15-2006, 01:25 AM
  3. ATM's and Security
    By RoD in forum A Brief History of Cprogramming.com
    Replies: 5
    Last Post: 03-03-2003, 10:50 AM
  4. security
    By iain in forum A Brief History of Cprogramming.com
    Replies: 0
    Last Post: 09-20-2001, 08:46 PM