Re: [Lit.] Buffer overruns

newstome_at_comcast.net
Date: 12/10/04


Date: Fri, 10 Dec 2004 15:43:53 GMT

Douglas A. Gwyn <DAGwyn@null.net> wrote:
> David Wagner wrote:
>> It's too bad the C language specified a terminated-string library
>> as part of the language specification, rather than a counted-string
>> library. We might have seen fewer buffer overruns if the latter had
>> been the case.
>
> Buffer overruns are not due to the design of the str*
> functions, but rather to programmer oversight and/or
> laziness. Most buffer overrun problems have nothing
> to do with the str* functions. This noise about the
> str* functions distracts from addressing the *real*
> problem.

A fine distinction, unless of course you want to live in the real
world. You can say that C strings work as defined, so any mistakes
are due to improper use, and you'd be right. But you can't deny that
a huge portion of non-robust (or insecure) software is due to improper
string handling in C. This is a real problem -- and if you have a
real problem, you want (or I want!) a real solution, and two come to
mind immediately:

 1) Make sure all C programmers are highly trained and never make
    mistakes.

 2) Make standard constructs safer in C.

The probability of option 1 is basically zero. Not only do very good
programmers sometimes make mistakes (hell, I'm a very good programmer
and I certainly make mistakes), but you can't ignore the fact that
there are a lot of people that use C that don't even approach the
"competent" label (see the Diebold voting machine code for a concrete
example). This is a reality of life, and just saying "well it's their
fault" is completely unhelpful.

-- 
That's News To Me!
newstome@comcast.net
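
The counted-string alternative Wagner alludes to, shown as an added illustration that is not code from this thread or from any standard library: a small counted-string type (the names cstr, cstr_append and greet are my own) in which the capacity travels with the buffer, so the append routine itself can refuse an operation that would not fit, a check strcat() has no way to make because the destination size is never passed to it.

```c
#include <stddef.h>
#include <string.h>

/* Counted string: the capacity travels with the buffer, so the library
 * itself can refuse an operation that would not fit. Illustrative type
 * for this discussion, not any standard or proposed C API. */
typedef struct {
    char  *buf;
    size_t len;   /* bytes in use (no terminator required) */
    size_t cap;   /* bytes available at buf */
} cstr;

static cstr cstr_wrap(char *storage, size_t cap) {
    cstr s = { storage, 0, cap };
    return s;
}

/* Append n bytes of src. Returns 1 on success; 0 if it would not fit,
 * in which case nothing is written: the bounds check lives in the
 * library instead of being left to the caller as strcat() leaves it. */
static int cstr_append(cstr *s, const char *src, size_t n) {
    if (n > s->cap - s->len)   /* len <= cap always, so no underflow */
        return 0;
    memcpy(s->buf + s->len, src, n);
    s->len += n;
    return 1;
}
/* Convenience for NUL-terminated sources. */
static int cstr_append_z(cstr *s, const char *z) {
    return cstr_append(s, z, strlen(z));
}

/* Produce a NUL-terminated view for legacy str* consumers, but only
 * when the terminator itself also fits inside the capacity. */
static int cstr_terminate(cstr *s) {
    if (s->len >= s->cap) return 0;
    s->buf[s->len] = '\0';
    return 1;
}

/* Builds "Hello, <name>" into a caller-supplied buffer of outcap bytes.
 * The strcpy/strcat equivalent would silently write past the end for a
 * long name; here the worst case is a 0 return and a truncated prefix. */
static int greet(const char *name, char *out, size_t outcap) {
    cstr s = cstr_wrap(out, outcap);
    return cstr_append_z(&s, "Hello, ")
        && cstr_append_z(&s, name)
        && cstr_terminate(&s);
}
```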
