Follow

Most software hacking seems to be about poking past whatever abstraction layer was meant to be unpokable and then overriding the invariants of the layer below. In this sense hacking seems extremely boring and amounts to a tautology of code patching other code where one adversary has the advantage because they're working on a lower substrate.

Another view of hacking is about uncovering hidden pathways in the dynamic execution of a program but this is also kinda boring because we know how to guarantee correct dynamics with type systems. So hacks that exploit abstraction boundaries are only really possible in unsafe languages because in a safe language abstraction breaks are bugs in the type system or the compiler or the underlying hardware.

So unsafe languages introduce another degree of freedom in software systems. This extra degree of freedom can be used to link up paths in the dynamic execution of the program across different abstraction boundaries.

In some cases this might be necessary and the extra degree of freedom and the resulting complexity it brings ends up being a valid tradeoff. But, in most cases this tradeoff is not warranted and creates an unnecessarily complicated system with a complicated dynamic topology because we can't make an guarantees about the abstraction fibers.

Sign in to participate in the conversation
Mastodon

Server run by the main developers of the project 🐘 It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!