Re: Thou shalt have no other gods before the ANSI C standard
From: Brian Inglis (Brian.Inglis_at_SystematicSW.Invalid)
Date: 02/18/05
- Previous message: Charlie Gibbs: "Re: Thou shalt have no other gods before the ANSI C standard"
- In reply to: David Wagner: "Re: Thou shalt have no other gods before the ANSI C standard"
- Next in thread: Trevor L. Jackson, III: "Re: Thou shalt have no other gods before the ANSI C standard"
- Reply: Trevor L. Jackson, III: "Re: Thou shalt have no other gods before the ANSI C standard"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 18 Feb 2005 17:28:45 GMT
On Fri, 18 Feb 2005 06:28:05 +0000 (UTC) in alt.folklore.computers,
daw@taverner.cs.berkeley.edu (David Wagner) wrote:
>Brian Inglis wrote:
>>There were also a *lot* of hardwired line length restrictions in AT&T
>>derived code: either .5KB or 2KB; but they did check, report, and fail
>>immediately when any line exceeded the bounds.
>>That's when I found out about the GNU project, their "no arbitrary
>>limits" guideline, and started using their code instead of AT&T
>>derived versions to get work done.
>>That's also a reason I'm against ABC: brittle code with arbitrary
>>failures does not get work done and alienates the user, because
>>there's no way they can work around it, except by using a different
>>piece of software.
>
>Sounds like a good reason to be against programs that use fixed-size
>buffers. Not sure how that translates to a reason to be against (or
>for) ABC. ABC doesn't on its own make code any more or less brittle;
>it just reduces the impact of buffer overrun bugs. If your code is
>brittle with ABC enabled, it was brittle with ABC disabled, too.
>
>Ways for working around ABC are dangerous. If there are ways to work
>around the bounds checking, then that is the first thing an attacker
>is going to try.
I prefer programs without any arbitrary bounds that could be checked
automatically, and code that just "does the right thing".
--
Thanks. Take care, Brian Inglis Calgary, Alberta, Canada
Brian.Inglis@CSi.com (Brian[dot]Inglis{at}SystematicSW[dot]ab[dot]ca)
fake address use address above to reply
- Previous message: Charlie Gibbs: "Re: Thou shalt have no other gods before the ANSI C standard"
- In reply to: David Wagner: "Re: Thou shalt have no other gods before the ANSI C standard"
- Next in thread: Trevor L. Jackson, III: "Re: Thou shalt have no other gods before the ANSI C standard"
- Reply: Trevor L. Jackson, III: "Re: Thou shalt have no other gods before the ANSI C standard"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
