Patrick M. Hausen wrote:
>You can. You can code an HTTP server that does nothing but
>serve static documents in (my guess) less than 1000 lines of
>C and you can prove a program of this size to be correct.

My first web site was implemented entirely using /etc/inetd.conf
using /bin/dd if=/www/document.html and tying the whole thing
together mapping one URL to a port. Obviously, that approach
is limited.

I don't think correctness proofs are necessary or maybe even
possible. What I'm interested in seeing are "arguments from
sound engineering." Take the example above; I can probably
Given that dd is configured to only send data out the pipe, we
cannot be penetrated across the data channel.

That's really nice! Look ma, no buffer overruns! There are
still potential resource starvation attacks, TCP-level traffic
jamming games, etc, etc. But by accepting absolutely no
data from the remote system, we've taken whole classes of
problems off the table.

The "take whole classes of problems off the table" approach
is what engineers consider elegance of design. It's that kind
of elegance that is mostly lacking in how we do operating
systems and security system design, today.


firewall-wizards mailing list
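The inetd-plus-dd idea from the post, as an added example (not code from the original message or from either correspondent): a write-only static responder wrapped in a shell function so the "accepts absolutely no data from the remote system" property is explicit rather than incidental. The inetd.conf line, the script path /usr/local/sbin/serve_static.sh and the document path /www/document.html are illustrative assumptions; the HTTP/1.0 status line and headers go beyond the bare dd approach (which sends only the file body) so that current clients can consume the reply.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed (illustrative) inetd.conf
# entry that hands each connection to this script with the document as argument:
#
#   http stream tcp nowait nobody /bin/sh sh /usr/local/sbin/serve_static.sh /www/document.html
#
# Under inetd, fd 0 and fd 1 are the client socket. The whole response is
# produced inside a group whose stdin is redirected from /dev/null, so no
# byte sent by the peer (request line, headers, body) is ever read: the
# only data path is outbound, as with the original dd if=... trick.

# serve_static FILE: write an HTTP/1.0 response carrying FILE to stdout.
# Returns 0 on success, 1 if FILE is missing (a minimal 404 is emitted).
serve_static() {
    file=$1
    if [ ! -f "$file" ]; then
        printf 'HTTP/1.0 404 Not Found\r\nConnection: close\r\n\r\n' </dev/null
        return 1
    fi
    # Content-Length lets the client know where the body ends even though
    # we also close the connection; wc output is trimmed for portability.
    len=$(wc -c < "$file" | tr -d ' ')
    {
        printf 'HTTP/1.0 200 OK\r\n'
        printf 'Content-Type: text/html\r\n'
        printf 'Content-Length: %s\r\n' "$len"
        printf 'Connection: close\r\n\r\n'
        cat "$file"
    } </dev/null
    return 0
}

# Stand-alone use: serve_static.sh /www/document.html
if [ "$#" -gt 0 ]; then
    serve_static "$1"
fi
```

What this buys is exactly the class the post describes: with no read from the socket there is no request parser to overflow, no header to mis-handle, no path to traverse. What it does not buy is also as stated: `nowait` forks one process per connection, so connection floods and slow clients still consume process slots and sockets, and those limits have to come from inetd's rate limiting or the kernel rather than from the responder itself.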