[3472] in cryptography@c2.net mail archive
Re: Medium-term real fix for buffer overruns
daemon@ATHENA.MIT.EDU (Perry E. Metzger)
Wed Oct 14 22:19:35 1998
To: Phil Karn <karn@qualcomm.com>
cc: cryptography@c2.net
In-reply-to: Your message of "Wed, 14 Oct 1998 18:15:50 PDT."
<199810150115.SAA29160@servo.qualcomm.com>
Reply-To: perry@piermont.com
Date: Wed, 14 Oct 1998 22:00:00 -0400
From: "Perry E. Metzger" <perry@piermont.com>
Phil Karn writes:
> How about a more modest start: expunge the gets() function from the
> C library?
>
> Right after the Morris Worm (almost exactly 10 years ago!) I called up
> one of the Bellcore guys who was on the ANSI C library committee and asked
> if he could propose to expunge gets() from the standard. He said the
> committee rejected the idea. It would break too much code.
>
> As if code that uses gets() isn't *already* broken.
NetBSD has, effectively, expunged gets() from its userland, and many
other unsafe functions, too. We have linker tricks so that code linked
with the unsafe functions prints lots of warning messages at compile
time telling you how bad an idea using the functions is.
I believe most of the other free unixes have been doing similar
things.
In the long run, though, the only solid solution is using a superior
language, like Java, for tasks that aren't extremely time
critical. The kernel can't be written in a language like that, but
your web server easily can -- in fact, w3c's Jigsaw is already written
in Java. If Cygnus or someone else came out with a workable native
code Java compiler and runtime, it would be practical to move past C
for many of these sorts of tasks.
Perry
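The two things Perry describes, a bounded reader that replaces gets() and a link-time warning attached to a symbol that should no longer be used, as an added illustration. This code is not from the mail, from NetBSD or from glibc; the names LINK_WARNING, read_line, legacy_gets and selftest are illustrative, and the test input in selftest is constructed. It assumes a GNU-compatible C compiler: on an ELF target the macro follows the NetBSD __warn_references / glibc link_warning pattern of placing text in a ".gnu.warning.<symbol>" section, which GNU ld prints whenever another object file that references the symbol is linked; on other targets the macro expands to nothing.

```c
/* Added illustration, not code from the mail, NetBSD or glibc.
 * LINK_WARNING, read_line, legacy_gets and selftest are illustrative names. */
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Link-time warning in the style of NetBSD's __warn_references() and
 * glibc's link_warning(): bytes placed in a ".gnu.warning.<symbol>" section
 * are printed by GNU ld whenever another object that references <symbol>
 * is linked against this one. Assumes a GNU-compatible compiler on an ELF
 * target; elsewhere the macro expands to a harmless typedef. */
#if defined(__ELF__) && defined(__GNUC__)
#define LINK_WARNING(sym, msg) \
    static const char link_warning_##sym[] \
        __attribute__((used, section(".gnu.warning." #sym))) = msg
#else
#define LINK_WARNING(sym, msg) typedef int link_warning_##sym##_unused
#endif

/* Result of read_line(): the caller can tell a complete line from one
 * that had to be cut to fit the buffer. */
enum line_status { LINE_EOF = -1, LINE_OK = 0, LINE_TRUNCATED = 1 };

/* Bounded replacement for gets(): stores at most n-1 bytes in buf, always
 * NUL-terminates, strips the trailing newline, and when the line did not
 * fit, drains the rest of it so the next call starts on a fresh line
 * instead of silently handing back the tail as a second "line". */
int read_line(char *buf, size_t n, FILE *fp)
{
    size_t len;
    int c, cap;

    if (buf == NULL || n < 2)
        return LINE_TRUNCATED;      /* no room for a character plus terminator; nothing read */
    cap = n > (size_t)INT_MAX ? INT_MAX : (int)n;
    if (fgets(buf, cap, fp) == NULL) {
        buf[0] = '\0';
        return LINE_EOF;
    }
    len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';
        return LINE_OK;
    }
    /* No newline stored: the line filled the buffer exactly, the file
     * ended without a newline, or the line is longer than the buffer. */
    c = fgetc(fp);
    if (c == EOF || c == '\n')
        return LINE_OK;
    do {
        c = fgetc(fp);              /* discard the part that did not fit */
    } while (c != '\n' && c != EOF);
    return LINE_TRUNCATED;
}

/* Compatibility entry point for callers that still want a gets()-shaped
 * function. It can only guess the caller's buffer size (BUFSIZ here), and
 * that guess is exactly why the symbol carries a link-time warning, the way
 * NetBSD attaches one to gets() itself. */
char *legacy_gets(char *buf)
{
    return read_line(buf, BUFSIZ, stdin) == LINE_EOF ? NULL : buf;
}
LINK_WARNING(legacy_gets,
             "legacy_gets() cannot know the caller's buffer size; use read_line()");

/* Self-check on constructed input covering the fit, exact-fit, truncated
 * and missing-final-newline cases. Returns 0 on success, else the step. */
int selftest(void)
{
    char buf[8];                    /* room for 7 characters */
    FILE *fp = tmpfile();

    if (fp == NULL)
        return 1;
    fputs("short\n"                          /* fits */
          "exactly\n"                        /* 7 chars: fills buf exactly */
          "far too long for the buffer\n"    /* cut, remainder drained */
          "last", fp);                       /* no trailing newline */
    rewind(fp);
    if (read_line(buf, sizeof buf, fp) != LINE_OK || strcmp(buf, "short") != 0)
        return fclose(fp), 2;
    if (read_line(buf, sizeof buf, fp) != LINE_OK || strcmp(buf, "exactly") != 0)
        return fclose(fp), 3;
    if (read_line(buf, sizeof buf, fp) != LINE_TRUNCATED || strcmp(buf, "far too") != 0)
        return fclose(fp), 4;
    if (read_line(buf, sizeof buf, fp) != LINE_OK || strcmp(buf, "last") != 0)
        return fclose(fp), 5;
    if (read_line(buf, sizeof buf, fp) != LINE_EOF || buf[0] != '\0')
        return fclose(fp), 6;
    fclose(fp);
    return 0;
}

/* Stand-alone use: echo stdin line by line, flagging lines that were cut. */
int main(void)
{
    char buf[16];
    int st;

    if (selftest() != 0) {
        fputs("selftest failed\n", stderr);
        return 1;
    }
    while ((st = read_line(buf, sizeof buf, stdin)) != LINE_EOF)
        printf("%s%s\n", buf, st == LINE_TRUNCATED ? " [truncated]" : "");
    return 0;
}
```

The warning only fires when a *different* object file references legacy_gets, which is what makes the trick useful as an audit aid: each binary that still pulls in the flagged symbol announces itself at link time, without changing the symbol's behaviour or breaking the build.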