Where should the type information be: in tags and descriptors 442

Not posted to the principals, who know this, but to people not familiar with these technologies.

Please note that none of that makes such breaches impossible. To do that, the primitives must be adequate (in an engineering, and not just a theoretical, sense) and the system must be designed and validated to be secure. I am in full agreement that this sort of facility would be a mbuttive help, but it would NOT deliver perfect security if it were just plugged in.

In particular, a necessary concomitant change is to move back to higher level and more provable languages and programming paradigms. In C, for example, a compiler has no option but to tag ALL data areas as typeless and to allow the loading of pointer data from such areas. This means that even the most perfect hardware checking can pick up only a small proportion of 'buffer overrun' bugs.

At a higher level, to make use of properly tagged and authenticated threads, operations and communications requires a higher level and more provable set of interfaces than POSIX, the Internet ones and so on. There just ain't no way that you can bolt perfect security onto an architecture that is not designed for it.

This doesn't stop salesdroids and academic bullpooters making claims to the contrary, of course. But the motto of comp.arch should be TANSTAAFL.

Regards, Nick Maclaren.