tito via Dng said on Tue, 1 Feb 2022 13:49:30 +0100

>On Tue, 1 Feb 2022 09:50:31 +0100
>Didier Kryn <kryn@???> wrote:
>
>> Le 31/01/2022 à 19:16, Steve Litt a écrit :
>> >>     Writing a self-daemonizing daemon in C was a routine when I
>> >> was still active, though I understand it could be more difficult
>> >> in shell.
>> > But more difficult in Python. I try to stay away from C if Python
>> > does the job. I think Python3 plus its standard libraries are more
>> > secure than C code written by the error prone Steve Litt.
>>
>>     Let me generalize: "I think Python3 plus its standard libraries
>> are more secure than C code written by an error prone human being."
>> (~:
>
>You made my day ;-) ... and Python is written in which programming
>language?

This is my point exactly. The C in Python was written by much more
careful and security aware programmers than I, checked by thousands.
This is why you almost never hear of security flaws or bugs in Python3.

Although made from C, Python3 has no pointers and has infinitly
expandable arrays and dictionaries, so no pointer exploits, no errant
pointers, no ininitialized pointers, and no buffer overflows. They pull
off RAM from the stack and the heap in the right way, and have garbage
collection, so memory leaks and the like are unlikely to occur by
accident. I can screw up a Python program in many ways, but assuming I
cleanse my inputs, few of those ways are a security risk.

In the hands of anything but a very careful and security-knowledgeable
programmer, writing Python3 is more secure than writing C. You could
think of Python3 as C with seatbelts and airbags, and a heck of an
inefficient transmission.

SteveT

Steve Litt
Spring 2021 featured book: Troubleshooting Techniques of the Successful
Technologist http://www.troubleshooters.com/techniques