Path: utzoo!attcan!uunet!ncrlnk!ncrcae!hubcap!gatech!uflorida!haven!umbc3!cs374124 From: cs374124@umbc3.UMD.EDU (Clark "Crash" Culligan) Newsgroups: comp.lang.forth Subject: Re: Computer (in)security Summary: The Concept of a Secure Language Message-ID: <1359@umbc3.UMD.EDU> Date: 21 Nov 88 20:26:17 GMT References: <8811171507.AA08404@jade.berkeley.edu> Reply-To: cs374124@umbc3.UMD.EDU (Clark "Crash" Culligan) Organization: University of Maryland, Baltimore County Lines: 48 In article <8811171507.AA08404@jade.berkeley.edu> ZMLEB@SCFVM.BITNET (Lee Brotzman) writes: > >Was anyone watching either the Today Show on NBC or Good Morning >America in ABC between 7:30 and 8:30 earlier this week (probably >Monday)? Let me explain why. My parents caught someone on those talk >segments that was talking about the Computerized Voting Booths. >Aparently, he was saying that because they were written in Forth they >could be tampered with, because Forth is an unsecure language. (stuff fromthe middle deleted) > I'm posting this is to try to raise another topic of discussion. >Is there such a thing as a "secure" programming language, or can only >programs themselves be thought of as secure? What techniques can be used >to write secure programs in any language, especially Forth? Language "security" I think has something to do with the error-trapping and/or memory protection of a program being executed. A "secure" language will trap errors that will trash variable memory, tear through program memory, etc. In that regard, Forth is unsecure. Then again, Forth is MEANT to be a wide-open, fully changeable language. Rarely have I seen a FORTH program not dip into program memory to change pointers to other words around. Why, the very act of changing the value of a variable involves taking the memory location and writing a new value to it. Forth is not a language for idiots, because Forth has no tolerance for idiocy. On the other hand, the security THEY'RE talking about is tamperability. How tamper-proof a program is depends on how it's written. A Forth system could be very secure, for instance, if you use specially coded words (so they couldn't be perniciously executed without a special book), and the stack space should be reduced to make any on-the-spot changes impossible without involving a stack-heap collision. I'm not studying Forth officially (it's more of a hobby), but that's the way I'd start write-protecting the language. On the third hand, we're talking about voting booths here. That means we're talking about officials, probably government officials, and THAT means government officials working with Forth. Stick to Cobol, guys. Leave the Forth programming to the experts... -David Wood -Lowly Student, UMBC =================================================================== = "Did YOU water your grandmother today?" = Strangeness On Demand = ===================================================================