Even using a relatively modern language like Java or Python, it is difficult to write reliable programs because the web, POSIX and DB interfaces were designed for a simpler, less security-conscious time.
For example:
- Why don't operating system security principles (users, groups, etc.) map to web site users? Instead, my whole website runs as one Apache user rather than each request running as the user who is logged into my website.
- Why don't DBs store row-level permissions based on the user who is logged into my site? I would love to know that anon. users only had read access to most records and that logged-in users could only ever write to their own records in the DB. For example, if I were building Amazon.com I could know that records for each book were read-only for all users, records for user profiles could only be written by the user the profile is for, and user comments could only be written by the user who posted them. Think how far this would go to stopping SQL injection attacks, for example.
- Why does the POSIX open() call make it nearly impossible to write code that can predict which file is actually being opened? Instead there are races with creating temporary files, there are symlinks that point out of chroot'ed environments, there are ..'s that have to be removed, etc.
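The row-level permission scheme sketched in the Amazon.com example can be expressed with PostgreSQL row-level security. This is an added illustration, not code from the post; it assumes PostgreSQL 9.6 or later, hypothetical tables `books`, `profiles` and `comments`, an application login role `webapp`, and that the web application sets a session variable `app.user_id` at the start of each request (left unset for anonymous visitors).

```sql
-- Hypothetical schema mirroring the post's example (constructed for this illustration).
CREATE TABLE books    (id serial PRIMARY KEY, title text NOT NULL);
CREATE TABLE profiles (user_id int PRIMARY KEY, bio text);
CREATE TABLE comments (id serial PRIMARY KEY,
                       book_id int REFERENCES books(id),
                       author_id int NOT NULL, body text NOT NULL);

-- The role the web tier connects as; it gets only the privileges the site needs.
CREATE ROLE webapp LOGIN;
GRANT SELECT ON books, profiles, comments TO webapp;
GRANT INSERT, UPDATE ON profiles TO webapp;
GRANT INSERT, UPDATE, DELETE ON comments TO webapp;
GRANT USAGE ON SEQUENCE comments_id_seq TO webapp;

-- Identity of the site user for this request, taken from a session variable the
-- application sets per transaction. Returns NULL for anonymous requests, and any
-- comparison with NULL is not true, so anonymous writes fail every policy below.
CREATE FUNCTION current_site_user() RETURNS int LANGUAGE sql STABLE AS $$
  SELECT NULLIF(current_setting('app.user_id', true), '')::int
$$;

ALTER TABLE books    ENABLE ROW LEVEL SECURITY;
ALTER TABLE profiles ENABLE ROW LEVEL SECURITY;
ALTER TABLE comments ENABLE ROW LEVEL SECURITY;

-- Books: readable by everyone; no write policy exists, so even the INSERT/UPDATE
-- grant (deliberately not given above) could not modify them through webapp.
CREATE POLICY books_read ON books FOR SELECT USING (true);

-- Profiles: readable by everyone, writable only by the user the profile belongs to.
CREATE POLICY profiles_read   ON profiles FOR SELECT USING (true);
CREATE POLICY profiles_insert ON profiles FOR INSERT
  WITH CHECK (user_id = current_site_user());
CREATE POLICY profiles_update ON profiles FOR UPDATE
  USING (user_id = current_site_user()) WITH CHECK (user_id = current_site_user());

-- Comments: readable by everyone, created/edited/deleted only by their author.
CREATE POLICY comments_read   ON comments FOR SELECT USING (true);
CREATE POLICY comments_insert ON comments FOR INSERT
  WITH CHECK (author_id = current_site_user());
CREATE POLICY comments_update ON comments FOR UPDATE
  USING (author_id = current_site_user()) WITH CHECK (author_id = current_site_user());
CREATE POLICY comments_delete ON comments FOR DELETE
  USING (author_id = current_site_user());

-- Per request, the application (connected as webapp) binds the logged-in user:
--   BEGIN; SET LOCAL app.user_id = '42'; ...queries for this request...; COMMIT;
-- A request that skips SET LOCAL runs as anonymous: reads succeed, writes are rejected.
```

Because injected SQL runs with the same privileges as the application connection, it could also issue its own SET LOCAL, so the policies bound the damage rather than eliminate it. Using separate database roles per trust level (anonymous vs. logged in) and keeping the grants minimal makes the identity harder to forge.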