Hacker News new | ask | show | jobs
by mrsernine 3134 days ago
>you would probably rather your programs crash than give away private information

Crashing on a security issue is a good thing for every kind of user. Crashing on a latent bug that COULD be exploited (maybe not possible at all) is a totally not desirable situation. The problem here is that hardening methods lack the ability to make that distinction.
2 comments
titzer 3133 days ago
> Crashing on a latent bug that COULD be exploited (maybe not possible at all) is a totally not desirable situation.

How do you square this with the reality that "keep on truckin" is generally the path from bugs to security exploits, and has been shown to be over and over in the wild?

link
mrsernine 3133 days ago
Bugs will happen, that's a natural law of computer science, if you keep on trucking over them you will be delivering buggy software that is likely to cause problems. Even if you chase them down and correct them all, your software is still going to have bugs, that's a fact of life.

Should code containing bugs be allowed to run? If the answer is no we must ask ourselves how much software we have today that is completely bug free (that will be 0%).

I still think these proactive approaches are good to disclose possible exploits, but killing processes just because they might be exploitable is a very long shot.

link
AnIdiotOnTheNet 3133 days ago
And yet one of the big complaints about Windows of old was how often it crashes.
link
protonfish 3133 days ago
Crashing randomly for no good reason isn't the same thing as crashing on a security exception.
link