Re: [fw-wiz] help in firewall
From: Carson Gaspar (carson_at_taltos.org)
Date: 05/29/03
- Previous message: salgak_at_speakeasy.net: "Re: [fw-wiz] Home Environment Cisco"
- In reply to: Mikael Olsson: "Re: [fw-wiz] help in firewall"
- Next in thread: Marcus J. Ranum: "Re: [fw-wiz] help in firewall"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: firewall-wizards@icsalabs.com Date: Thu, 29 May 2003 16:07:51 -0400
--On Thursday, May 29, 2003 14:36:07 +0200 Mikael Olsson
<mikael.olsson@clavister.com> wrote:
> But the system libraries are written in C, and some are
> vulnerable to buffer overruns, which is exactly how
> e.g. java based web servers / components get 0wned.
In that case, you're screwed no matter which language you use. Whether you
call a buggy libc from Java, Perl, C, or Modula-3, you still have to rely
on it being non-bogus.
I have seen a _lot_ of commercial security C code, and I have yet to see
any that wasn't... um... differently coded. Exception handling in C is just
evil. C++ adds some useful features, but isn't as nice as Java throw/catch,
and still suffers from manual memory management.
-- Carson _______________________________________________ firewall-wizards mailing list firewall-wizards@honor.icsalabs.com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
- Previous message: salgak_at_speakeasy.net: "Re: [fw-wiz] Home Environment Cisco"
- In reply to: Mikael Olsson: "Re: [fw-wiz] help in firewall"
- Next in thread: Marcus J. Ranum: "Re: [fw-wiz] help in firewall"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
