Re: EMERGENCY: new remote root exploit in UW imapd

To: BUGTRAQ@xxxxxxxxxxxx
Subject: Re: EMERGENCY: new remote root exploit in UW imapd
From: Craig Spannring <cts@xxxxxxxxxxxxxxx>
Date: Tue, 21 Jul 1998 15:00:19 -0700
Approved-by: aleph1@DFW.NET
In-reply-to: <Pine.SUN.3.96.980721122913.6874H-100000@picard.dnaco.net>
References: <199807171248.IAA25275@Bahamut.dragonfire.net> <Pine.SUN.3.96.980721122913.6874H-100000@picard.dnaco.net>
Reply-to: Craig Spannring <cts@xxxxxxxxxxxxxxx>
Sender: Bugtraq List <BUGTRAQ@xxxxxxxxxxxx>

Kragen writes:
 >
 > I've heard that bounds-checking typically increases the time to do
 > things by 30-50%.  The bounds-checking egcs people are optimistic that
 > this can be reduced.  Even so, it's much smaller than the variance
 > introduced by different degrees of optimization and efficient
 > design.

Since C was never designed to do bounds checking it will be hard to
retrofit it efficiently.

Other languages such as Ada have a much easier time.  For instance if
you compile the following program with gnat the compiler figures out
that no array bounds checking is needed and you take a 0% performance
hit.

  with Ada.Text_Io; use Ada.Text_Io;
  with Ada.Integer_Text_Io; use Ada.Integer_Text_Io;
  procedure Foo is

    type My_Index is range -10..10;
    type My_Array is array(My_index) of Integer;

    A: My_Array;
    function Sum(Arr: in My_Array) return Integer is
       Result: Integer := 0;
    begin
       for I in My_Index loop
          Result := Result + Arr(I);
       end loop;
       return Result;
    end Sum;

    T: Integer;
    begin
       for I in My_Index loop
          Put("Input a number ");
          Get(A(I));
       end loop;
       Put("The sum is "); Put(Sum(A)); New_Line;
    end Foo;

In fact the gnat people say that the assembly output is almost
identical to what gcc would produce with an equivalent C program.

I haven't written a lot of Ada code and none professionally, but I did
play around writing the bootstrap code for a PC once.  The boot strap
code needs to fit into the first 7K of a floppy and that's not a lot
of space.  If the code had raised any exceptions the required runtime
exception functions would not have fit in the space allowed.

It was the code size I had to worry about, not the speed, but in this
case being able to show that I wasn't taking a code size hit also
showed that I wasn't taking a performance hit either.

--
=======================================================================
 Life is short.                  | Craig Spannring
      Ski hard, Bike fast.       | cts@xxxxxxxxxxxxxxx
 --------------------------------+------------------------------------
 Any sufficiently perverted technology is indistinguishable from Perl.
=======================================================================

References:
- Re: EMERGENCY: new remote root exploit in UW imapd
  - From: Andy Church
- Re: EMERGENCY: new remote root exploit in UW imapd
  - From: Kragen

Prev by Date: Re: EMERGENCY: new remote root exploit in UW imapd
Next by Date: Re: EMERGENCY: new remote root exploit in UW imapd
Previous by thread: Re: EMERGENCY: new remote root exploit in UW imapd
Next by thread: Re: EMERGENCY: new remote root exploit in UW imapd
Index(es):
- Date
- Thread