On Sun, 28 Sept 2025 at 03:11, Solar Designer <[email protected]> wrote:
> > You claim that "If functions/methods are secure then the whole software > is secure." If we talk C where main() is also a function, and limit the > definition of "whole software" to one program, then I'd agree - your > claim can as well directly say "if [all functions including] main() are > secure then the whole software [meaning this one program only] is > secure." While true, under those definitions this isn't a useful claim. > > However, if in "functions/methods are secure" you refer only to smaller > building blocks, then no, the program built from them may still be > insecure. Also "the whole software" isn't necessarily just one program. > > Everyone has said more or less the same thing that even if in a software all functions are secure then this doesn't mean that the software will be secure. But the point is that this is what people have said and this is all theoretical. Can someone give an example as to how a software made up of secure functions can be hacked? Let's assume that there are 2 (or more) different software and all the functions in all the software are secure and these software are interacting with each other. Then how can they be hacked? Can someone give an example. I don't agree with theoretical assumptions. Someone also mentioned that secure functions having limits on arguments can result in DoS. In my opinion, DoS is better than getting hacked. But still, the main point is that can someone give an example of how a software made up of all secure functions be hacked? I request for an example (not theoretical statements). Or, some example that happened in the past in the real world? I will analyze that. Amit
