LabVIEW

cancel
Showing results for 
Search instead for 
Did you mean: 

Would Biden administration approve of LabVIEW?


@josborne wrote:

Thanks for all the comments!  I think this issue of "memory safety" is still a bit hard to grasp.  But this ONCD report is about cybersecurity not about bugs.  So the ONCD isn't worried if you create buggy code, its worried that hackers can take advantage of "non-memory-safe" code to cause damage.... right?  


That's for many purposes the same thing. Buffer overflow exploitation is one such possibility that is enabled by buggy code. While it doesn't need to crash, or at least under normal circumstances won't, such overflows can be exploited by injecting specially crafted data streams that will either overflow in a way that the process will crash (Denial of Service) or even more nefarious, that it places strategic bytes into memory (for instance on the stack) and then causes the program flow to branch into attacker controlled code that can suddenly do anything the current process is allowed to do. There are other such vulnerabilities. In C/C++ these kind of errors are very easy to make, and then can be exploited if you find them. In LabVIEW, aside of bugs contained in LabVIEW itself, it is very hard to make such errors since LabVIEW does not have pointers that can one moment point to an object, the next moment be a function. IMHO if you put languages like C# or Java into the memory safe camp, LabVIEW easily can be put in the same. C# is in principle originally simply a Java clone that Microsoft created in order to not have to license Java from Sun Microsystem. At the same time Microsoft tried to keep it as close to C as possible, but not allow the same unsafe operations, although they initially did compromise quite a bit on that front.

 

If you really want to play the safe card, you should look at Rust or other such languages which were specifically designed to avoid all these possibilities to do unsafe memory operations. But while LabVIEW wasn't specifically designed for that, it ranks fairly high on that scale too.

Rolf Kalbermatter
My Blog
Message 11 of 13
(234 Views)

@rolfk wrote:

If you really want to play the safe card,..


..don't hook relevant hardware to an unsave (  any ) network. But even without any connection, there is still layer 8.

Greetings from Germany
Henrik

LV since v3.1

“ground” is a convenient fantasy

'˙˙˙˙uıɐƃɐ lɐıp puɐ °06 ǝuoɥd ɹnoʎ uɹnʇ ǝsɐǝld 'ʎɹɐuıƃɐɯı sı pǝlɐıp ǝʌɐɥ noʎ ɹǝqɯnu ǝɥʇ'


0 Kudos
Message 12 of 13
(181 Views)

@Henrik_Volkers wrote:

@rolfk wrote:

If you really want to play the safe card,..


..don't hook relevant hardware to an unsave (  any ) network. But even without any connection, there is still layer 8.


In fact the only really safe computer is likely a computer, disconnected from any power, put in a heavy safe and dumped at the deepest ocean spot. 😁

Rolf Kalbermatter
My Blog
Message 13 of 13
(152 Views)