[3470] in cryptography@c2.net mail archive
Re: Medium-term real fix for buffer overruns
daemon@ATHENA.MIT.EDU (Steven M. Bellovin)
Wed Oct 14 21:26:43 1998
To: John Gilmore <gnu@toad.com>
cc: "Arnold G. Reinhold" <reinhold@world.std.com>, decius@ninja.techwood.org, cryptography@c2.net
Date: Wed, 14 Oct 1998 20:53:33 -0400
From: "Steven M. Bellovin" <smb@research.att.com>
In message <199810150044.RAA24572@toad.com>, John Gilmore writes:
>> But you're certainly right that that's not the primary vulnerability in
>> most general-purpose computer systems. What is? Hint: of the 12 CERT
>> advisories this year, 9 describe buffer overflows. And next month is the
>> 10th anniversary of the Internet Worm. Sigh.
>
>The C language does not require security holes when buffers overflow.
>It's the implementations that fall down on the job.
>
>I'm looking for someone who'll build a version of GCC (EGCS) that
>fully checks C pointers (making sure that they point within the object
>whose address was originally taken to create the pointer). The ANSI C
>standard was very carefully written to permit such checking, and fully
>checked pointers have already been successfully implemented in C
>interpreters like Saber C, which many people have run major
>applications through for debugging.
That would be a tremendous help; I applaud the effort.
I confess, though, to a basic pessimism about software quality. I wonder what
generic bug will replace it... (For browsers, of course, it's Javascript.)
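As an added illustration (not part of this thread, and not code from GCC, EGCS or Saber C), the check Gilmore describes can be sketched in plain C with a "fat pointer" that carries the bounds of the object whose address was originally taken, so that stores and arithmetic past that object fail instead of overrunning. The type and function names (checked_ptr, cp_*) and the sample buffers are hypothetical.

```c
#include <stddef.h>

/* Hypothetical fat pointer: the address plus the bounds of the object
 * whose address was originally taken, as a checking compiler would carry. */
typedef struct {
    unsigned char *base;  /* start of the object */
    size_t size;          /* size of the object in bytes */
    size_t off;           /* current offset of the pointer into it */
} checked_ptr;

static checked_ptr cp_from(void *obj, size_t size) {
    checked_ptr p = { (unsigned char *)obj, size, 0 };
    return p;
}

/* Pointer arithmetic. ANSI C permits a pointer one past the end of the
 * object, so off may reach size but never exceed it. Returns -1 if it would. */
static int cp_add(checked_ptr *p, size_t n) {
    if (n > p->size - p->off) return -1;
    p->off += n;
    return 0;
}

/* Checked store: the addressed byte must lie inside the object. */
static int cp_store(checked_ptr *p, unsigned char v) {
    if (p->off >= p->size) return -1;
    p->base[p->off] = v;
    return 0;
}

/* strcpy-like loop built only from checked operations. Returns the number
 * of bytes written, which is less than len when the bound check fired. */
static size_t checked_copy(checked_ptr dst, const unsigned char *src, size_t len) {
    size_t i;
    for (i = 0; i < len; i++) {
        if (cp_store(&dst, src[i]) != 0) break;   /* would overrun: stop */
        if (cp_add(&dst, 1) != 0) break;
    }
    return i;
}

/* Constructed case: a 16-byte buffer and a 21-byte message (20 chars + NUL).
 * Unchecked C would write 5 bytes past buf; the checked copy stops at 16. */
int demo_overflow_caught(void) {
    unsigned char buf[16];
    const unsigned char msg[] = "0123456789abcdefghij";
    return (int)checked_copy(cp_from(buf, sizeof buf), msg, sizeof msg);
}
```

A real implementation would attach the bounds to every pointer the compiler creates, not just to one copy routine; the sketch only shows what each dereference and each pointer increment would have to verify.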