Re: Buffer overflows. was Re: EMERGENCY: new remote root exploit in UW imapd
> Date: Fri, 17 Jul 1998 15:49:02 -0700
> From: Craig Spannring <cts@xxxxxxxxxxxxxxx>
> The responses I've gotten can be grouped into the following broad
> categories-
>
> 1) Life would be good if we eliminated C and we will.
> 2) Life would be good if we eliminated C, but we can't.
> 3) C is the only language fast enough.
> 3) Eliminating buffer overflows is nice, but won't solve most of
> the problems.
> 3) You can write safe code in C using strncpy, snprintf, et al.
> 4) Only morons write code with buffer overflows
> 5) Modula-2 and Ada suck and you do you.
You missed one:
5) Modula-2 and Ada are just as insecure if you turn off array
bounds checking.
The language is not the problem; it's the absence of array bounds
checking. There are a number of C compilers that will check your
bounds for you, there's even a modified gcc that will do this.
--
Geoff Keating <Geoff.Keating@xxxxxxxxxx>
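The point of the reply above is that the overflow comes from the missing bounds check, not from the language. The following is an added example, not code from the thread or from either poster: a small C buffer type in which every write and read is checked by hand, which is exactly the check a bounds-checking compiler inserts for you. All names (`bounded_buf`, `bb_append`, `bb_get`, `bb_demo`) and the sample inputs are hypothetical constructions for this illustration.

```c
/* Added example, not code from the original thread: a fixed-capacity buffer
 * whose every access is length-checked, doing by hand what a bounds-checking
 * compiler enforces automatically. All names are hypothetical. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BUF_CAP 16

typedef struct {
    char data[BUF_CAP];   /* fixed storage; data[len] always holds the NUL */
    size_t len;           /* bytes stored; invariant: len < BUF_CAP */
} bounded_buf;

void bb_init(bounded_buf *b) {
    b->len = 0;
    b->data[0] = '\0';
}

/* Checked append: refuses the whole write if it would not fit, leaving the
 * buffer untouched. Returns 0 on success, -1 on rejection. The comparison is
 * arranged as a subtraction from the remaining room so that it cannot wrap. */
int bb_append(bounded_buf *b, const char *src, size_t n) {
    if (n > (BUF_CAP - 1) - b->len)   /* BUF_CAP - 1 reserves the NUL byte */
        return -1;
    memcpy(b->data + b->len, src, n);
    b->len += n;
    b->data[b->len] = '\0';
    return 0;
}

/* Checked read: the index is validated instead of trusting the caller.
 * Returns 0 and stores the byte in *out, or -1 if i is out of range. */
int bb_get(const bounded_buf *b, size_t i, char *out) {
    if (i >= b->len)
        return -1;
    *out = b->data[i];
    return 0;
}

/* Drive the type with constructed input: a short string that fits and a long
 * one that an unchecked strcpy would write past the end of data[]. Returns the
 * number of rejected writes so a caller can verify the behaviour. */
int bb_demo(void) {
    static const char short_in[] = "hello";                     /* constructed */
    static const char long_in[]  = "this line is far too long"; /* constructed */
    bounded_buf b;
    int rejected = 0;

    bb_init(&b);
    if (bb_append(&b, short_in, strlen(short_in)) != 0) rejected++;
    if (bb_append(&b, long_in, strlen(long_in)) != 0) rejected++;
    printf("stored \"%s\" (%zu bytes), rejected %d write(s)\n",
           b.data, b.len, rejected);
    return rejected;
}

int main(void) {
    return bb_demo() == 1 ? 0 : 1;
}
```

The checked append rejects the oversized input outright and leaves the buffer as it was, which is the behaviour a bounds-checked language gives you for free and an unchecked `strcpy` into `data[]` does not. On modern toolchains the same class of check can be switched on without rewriting code, for example with AddressSanitizer (`-fsanitize=address` in gcc and clang), which is the descendant of the modified gcc mentioned above.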