Mike McNally writes:
I can physically remove all the "dangerous" calls from a Postscript interpreter and still have it be useful.
I don't see the difference. An interpreter is an interpreter.
I suppose most of this is dead obvious to me because I work in security every day, but it seems that some otherwise smart people don't see the point I'm making, repeatedly.

As an exercise for the reader, compare the following two tasks in difficulty:

1) Find a bug that lets you execute arbitrary programs unintentionally from a program that contains instances of the 'fork()' system call.

2) Find a bug that lets you execute arbitrary programs unintentionally from a program that contains *no* instances of the 'fork()' system call.

[hint: it is much harder to get a program to do something that it has no code at all to do than to get it to do a buggy form of something it already does.]

Perry
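The argument in this thread, that an interpreter with the dangerous operators physically removed cannot be tricked into using them no matter how buggy the rest of it is, can be shown with a toy. The following is an added illustration, not code from either poster: a small PostScript-flavoured stack interpreter whose operator table is the only way any operation can be reached. The "full" build contains a hypothetical `writefile` operator; the "safe" build simply omits it. The interpreter deliberately keeps a sloppy feature (`exec`, which dispatches on an operator name taken from data, and user-defined names that can shadow operators) so that the same program which reaches `writefile` in one build has no code path at all to reach it in the other. All operator names, the `attempt` helper and the sample program are constructed for this example.

```python
import operator
import os
import tempfile


class InterpreterError(Exception):
    """Raised for malformed programs and for operators this build does not contain."""


def _binary(fn):
    # Wrap a two-argument function as a stack operator: pops b then a, pushes fn(a, b).
    def op(stack, env, ops):
        b = stack.pop()
        a = stack.pop()
        stack.append(fn(a, b))
    return op


def _dup(stack, env, ops):
    stack.append(stack[-1])


def _exch(stack, env, ops):
    stack[-1], stack[-2] = stack[-2], stack[-1]


def _def(stack, env, ops):
    # PostScript style: /name value def
    value = stack.pop()
    env[stack.pop()] = value


def _exec(stack, env, ops):
    # Dynamic dispatch: the operator name comes from data on the stack.
    # This is the kind of "bug-shaped" feature that lets input steer control flow,
    # but it can still only reach operators that exist in this build's table.
    name = stack.pop()
    if name not in ops:
        raise InterpreterError(f"undefined operator: {name}")
    ops[name](stack, env, ops)


def _writefile(stack, env, ops):
    # Hypothetical "dangerous" operator: writes the top of stack to a path.
    data = stack.pop()
    path = stack.pop()
    with open(path, "w", encoding="utf-8") as fh:
        fh.write(str(data))


# The operator table is the complete set of things the interpreter can do.
SAFE_OPS = {
    "add": _binary(operator.add),
    "sub": _binary(operator.sub),
    "mul": _binary(operator.mul),
    "dup": _dup,
    "exch": _exch,
    "def": _def,
    "exec": _exec,
}
# The "full" build is the same interpreter plus the dangerous operator.
FULL_OPS = {**SAFE_OPS, "writefile": _writefile}


def run(program, ops, env=None):
    """Execute a whitespace-separated program against an operator table; return the stack."""
    stack = []
    env = {} if env is None else env
    for tok in program.split():
        if tok.startswith("/"):
            stack.append(tok[1:])          # literal name, pushed as data
        elif tok.lstrip("-").isdigit():
            stack.append(int(tok))
        elif tok in env:
            stack.append(env[tok])         # user-defined names may even shadow operators
        elif tok in ops:
            ops[tok](stack, env, ops)
        else:
            raise InterpreterError(f"undefined operator: {tok}")
    return stack


def attempt(ops):
    """Run a program that smuggles an operator name in as data; report what happened."""
    path = os.path.join(tempfile.mkdtemp(), "out.txt")   # constructed scratch target
    program = "target /marker /writefile exec"
    try:
        run(program, ops, env={"target": path})
    except InterpreterError as err:
        return "refused", str(err)
    with open(path, encoding="utf-8") as fh:
        return "wrote", fh.read()


if __name__ == "__main__":
    print(run("3 4 add 2 mul", SAFE_OPS))   # ordinary arithmetic works in both builds
    print(attempt(FULL_OPS))                # ('wrote', 'marker')
    print(attempt(SAFE_OPS))                # ('refused', 'undefined operator: writefile')
```

The point of the two `attempt` calls is that nothing about the program or the interpreter's lax name handling changed between them; only the table did. Auditing the safe build for "can input make this write a file" reduces to confirming that no entry in `SAFE_OPS` opens a file, which is the much easier task the post describes.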