Newsportal USENET - Re: A Famous Security Bug

Re: A Famous Security Bug

Sujet : Re: A Famous Security Bug
De : david.brown (at) *nospam* hesbynett.no (David Brown)
Groupes : comp.lang.c
Date : 23. Mar 2024, 17:36:02

Autres entêtes

Organisation : A noiseless patient Spider
Message-ID : <utmst2$3n7mv$2@dont-email.me>
References : 1 2 3 4 5 6 7 8 9 10
User-Agent : Mozilla Thunderbird

On 22/03/2024 20:43, Kaz Kylheku wrote:

On 2024-03-22, Keith Thompson <Keith.S.Thompson+u@gmail.com> wrote:
Is the "call" instruction *observable behavior* as defined in 5.1.2.3?

Running a program under a test harness is effectively running a
different program. Of course it can yield information about the
original program, but in effect you're linking the program with a
different set of libraries.
It's a different program, but the retained translation unit must be the
same, except that the external references it makes are resolved to
different entities.

That is true - /if/ you make the restriction that the translation unit is complied completely to linkable machine code or assembly, and that it is not changed in any way when it is combined into the new program. Such a setup is common in practice, but it is in no way required by the C standards and does not apply for more advanced compilation and build scenarios.

If in one program we have an observable behavior which implies that a
call took place (that itself not being directly observable, by
definition, I again acknowledge) then under the same conditions in
another program, that call also has to take place, by the fact that the
translation unit has not changed.

Yes - again, /if/ you restrict your tools and build processes to make this true. (And though the call may still be there, it is still not observable behaviour, and it may no longer lead to any observable behaviour in the new program.)
Basically, what you are saying is that if you have a compiler and build system that compiles individual translation units into fixed individual object files of linkable machine code, and these units are not recompiled when you link them again in new programs, then the machine code in for the externally linked functions defined in those translation units is not changed.
I don't think anyone will argue with that - it is quite solid, and does not come as news to anybody familiar with compilers and build processes.
The thing you get wrong is believing that the C standards require such a compiler and build system. They don't - and thus all your beliefs (about interaction across translation units) which depend on such a requirement, fall apart.

Les messages affichés proviennent d'usenet.

Date	Sujet	#	Auteur
20 Mar 24	A Famous Security Bug	118	Stefan Ram
20 Mar 24	Re: A Famous Security Bug	108	Kaz Kylheku
20 Mar 24	Re: A Famous Security Bug	2	Keith Thompson
20 Mar 24	Re: A Famous Security Bug	1	Keith Thompson
21 Mar 24	Re: A Famous Security Bug	35	David Brown
21 Mar 24	Re: A Famous Security Bug	34	Kaz Kylheku
21 Mar 24	Re: A Famous Security Bug	4	Chris M. Thomasson
21 Mar 24	Re: A Famous Security Bug	3	Chris M. Thomasson
22 Mar 24	Re: A Famous Security Bug	2	Chris M. Thomasson
22 Mar 24	Re: A Famous Security Bug	1	Chris M. Thomasson
21 Mar 24	Re: A Famous Security Bug	28	Keith Thompson
22 Mar 24	Re: A Famous Security Bug	24	Kaz Kylheku
22 Mar 24	Re: A Famous Security Bug	19	Keith Thompson
22 Mar 24	Re: A Famous Security Bug	18	Kaz Kylheku
22 Mar 24	Re: A Famous Security Bug	2	James Kuyper
22 Mar 24	Re: A Famous Security Bug	1	Kaz Kylheku
22 Mar 24	Re: A Famous Security Bug	1	David Brown
22 Mar 24	Re: A Famous Security Bug	14	Keith Thompson
22 Mar 24	Re: A Famous Security Bug	13	Kaz Kylheku
23 Mar 24	Re: A Famous Security Bug	12	David Brown
23 Mar 24	Re: A Famous Security Bug	11	Kaz Kylheku
23 Mar 24	Re: A Famous Security Bug	2	David Brown
24 Mar 24	Re: A Famous Security Bug	1	Kaz Kylheku
23 Mar 24	Re: A Famous Security Bug	8	James Kuyper
24 Mar 24	Re: A Famous Security Bug	7	Kaz Kylheku
24 Mar 24	Re: A Famous Security Bug	6	David Brown
24 Mar 24	Re: A Famous Security Bug	5	Kaz Kylheku
24 Mar 24	Re: A Famous Security Bug	3	David Brown
27 Mar 24	Re: A Famous Security Bug	2	Kaz Kylheku
28 Mar 24	Re: A Famous Security Bug	1	David Brown
24 Mar 24	Re: A Famous Security Bug	1	Chris M. Thomasson
22 Mar 24	Re: A Famous Security Bug	1	James Kuyper
22 Mar 24	Re: A Famous Security Bug	3	David Brown
22 Mar 24	Re: A Famous Security Bug	2	Kaz Kylheku
22 Mar 24	Re: A Famous Security Bug	1	David Brown
22 Mar 24	Re: A Famous Security Bug	3	James Kuyper
22 Mar 24	Re: A Famous Security Bug	2	Kaz Kylheku
22 Mar 24	Re: A Famous Security Bug	1	James Kuyper
22 Mar 24	Re: A Famous Security Bug	1	David Brown
21 Mar 24	Re: A Famous Security Bug	70	Anton Shepelev
21 Mar 24	Re: A Famous Security Bug	1	Keith Thompson
21 Mar 24	Re: A Famous Security Bug	15	Kaz Kylheku
22 Mar 24	Re: A Famous Security Bug	13	David Brown
22 Mar 24	Re: A Famous Security Bug	12	Kaz Kylheku
22 Mar 24	Re: A Famous Security Bug	1	James Kuyper
22 Mar 24	Re: A Famous Security Bug	10	David Brown
23 Mar 24	Re: A Famous Security Bug	9	Richard Kettlewell
23 Mar 24	Re: A Famous Security Bug	1	Kaz Kylheku
23 Mar 24	Re: A Famous Security Bug	2	David Brown
23 Mar 24	Re: A Famous Security Bug	1	Kaz Kylheku
24 Mar 24	Re: A Famous Security Bug	5	Tim Rentsch
24 Mar 24	Re: A Famous Security Bug	4	Malcolm McLean
17 Apr 24	Re: A Famous Security Bug	3	Tim Rentsch
18 Apr 24	Re: A Famous Security Bug	1	David Brown
18 Apr 24	Re: A Famous Security Bug	1	Keith Thompson
28 Mar 24	Re: A Famous Security Bug	1	Anton Shepelev
22 Mar 24	Re: A Famous Security Bug	1	Tim Rentsch
22 Mar 24	Re: A Famous Security Bug	52	James Kuyper
22 Mar 24	Re: A Famous Security Bug	51	bart
23 Mar 24	Re: A Famous Security Bug	5	Keith Thompson
23 Mar 24	Re: A Famous Security Bug	4	Kaz Kylheku
23 Mar 24	Re: A Famous Security Bug	3	David Brown
23 Mar 24	Re: A Famous Security Bug	2	bart
24 Mar 24	Re: A Famous Security Bug	1	David Brown
23 Mar 24	Re: A Famous Security Bug	45	James Kuyper
23 Mar 24	Re: A Famous Security Bug	44	bart
23 Mar 24	Re: A Famous Security Bug	37	David Brown
23 Mar 24	Re: A Famous Security Bug	36	bart
24 Mar 24	Re: A Famous Security Bug	29	David Brown
24 Mar 24	Re: A Famous Security Bug	28	bart
24 Mar 24	Re: A Famous Security Bug	12	Keith Thompson
25 Mar 24	Re: A Famous Security Bug	1	David Brown
25 Mar 24	Re: A Famous Security Bug	3	Michael S
25 Mar 24	Re: A Famous Security Bug	1	David Brown
25 Mar 24	Re: A Famous Security Bug	1	Keith Thompson
25 Mar 24	Re: A Famous Security Bug	7	bart
25 Mar 24	Re: A Famous Security Bug	6	Michael S
25 Mar 24	Re: A Famous Security Bug	4	bart
25 Mar 24	Re: A Famous Security Bug	3	David Brown
25 Mar 24	Re: A Famous Security Bug	2	Malcolm McLean
25 Mar 24	Re: A Famous Security Bug	1	Michael S
25 Mar 24	Re: A Famous Security Bug	1	David Brown
25 Mar 24	Re: A Famous Security Bug	15	David Brown
25 Mar 24	Re: A Famous Security Bug	14	Michael S
25 Mar 24	Re: A Famous Security Bug	13	David Brown
25 Mar 24	Re: A Famous Security Bug	3	Michael S
25 Mar 24	Re: A Famous Security Bug	1	David Brown
25 Mar 24	Re: A Famous Security Bug	1	bart
25 Mar 24	Re: A Famous Security Bug	9	bart
25 Mar 24	Re: A Famous Security Bug	7	Michael S
25 Mar 24	Re: A Famous Security Bug	6	bart
25 Mar 24	Re: A Famous Security Bug	1	David Brown
25 Mar 24	Re: A Famous Security Bug	4	Michael S
25 Mar 24	Re: A Famous Security Bug	3	bart
26 Mar 24	Re: A Famous Security Bug	2	Michael S
26 Mar 24	Re: A Famous Security Bug	1	bart
25 Mar 24	Re: A Famous Security Bug	1	David Brown
24 Mar 24	Re: A Famous Security Bug	6	Michael S
24 Mar 24	Re: A Famous Security Bug	5	bart
25 Mar 24	Re: A Famous Security Bug	2	Michael S
25 Mar 24	Re: A Famous Security Bug	1	Michael S
25 Mar 24	Re: A Famous Security Bug	1	David Brown
28 Mar 24	Re: A Famous Security Bug	1	James Kuyper
23 Mar 24	Re: A Famous Security Bug	1	Tim Rentsch
24 Mar 24	Re: A Famous Security Bug	1	Michael S
24 Mar 24	Re: A Famous Security Bug	3	Michael S
28 Mar 24	Re: A Famous Security Bug	1	James Kuyper
20 Mar 24	Re: A Famous Security Bug	1	Joerg Mertens
20 Mar 24	Re: A Famous Security Bug	5	Chris M. Thomasson
27 Mar 24	Re: A Famous Security Bug	3	Stefan Ram