Re: Privilege-escalation attacks on NT-based Windows are unfixable

From: David Wagner (daw@mozart.cs.berkeley.edu)
Date: 08/24/02


From: daw@mozart.cs.berkeley.edu (David Wagner)
Date: Sat, 24 Aug 2002 00:09:04 +0000 (UTC)

Ursus Horibilis wrote:
>How hard is it to define a safe string type and a set of functions to go
>with it?

Hard enough that real programmers don't seem to do it, in practice.
Who can blame them? When they do do it, noone else can read their code.
(Witness qmail: it has its own string library, but everyone complains
about how this makes it hard for others to read.)

Safe string libraries are a great example of something that, in an ideal
world, ought to have been part of the original standard, but weren't.