[3475] in cryptography@c2.net mail archive
Re: Medium-term real fix for buffer overruns
daemon@ATHENA.MIT.EDU (Sandy Harris)
Wed Oct 14 22:52:53 1998
Date: Wed, 14 Oct 1998 22:42:57 -0400
From: Sandy Harris <sandy.harris@sympatico.ca>
To: John Gilmore <gnu@toad.com>
CC: "Steven M. Bellovin" <smb@research.att.com>,
"Arnold G. Reinhold" <reinhold@world.std.com>,
decius@ninja.techwood.org, cryptography@c2.net
John Gilmore wrote:
> The C language does not require security holes when buffers overflow.
> It's the implementations that fall down on the job.
>
> I'm looking for someone who'll build a version of GCC (EGCS) that
> fully checks C pointers (making sure that they point within the object
> whose address was originally taken to create the pointer). The ANSI C
> standard was very carefully written to permit such checking, and fully
> checked pointers have already been successfully implemented in C
> interpreters like Saber C, which many people have run major
> applications through for debugging.
It occurs to me that the original lint(1) used the parser from the C
compiler. Could one go the other way, starting from LClint? Would
that be a good starting point for this project?
http://www.sds.lcs.mit.edu/lclint/index.html
I've been wondering for some time if one could create a compiler with
stronger error-checking by using pieces of LClint & pieces of gcc.
Might this be a way to accomplish your project?
--
Sandy Harris sandy.harris@sympatico.ca
Help secure the Internet: http://www.cygnus.com/~gnu/swan.html
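What the "fully checked pointers" in the quoted proposal amount to at runtime, shown as an added C example that is not code from this thread nor from Saber C, LClint, gcc or EGCS: each pointer carries the bounds of the object whose address was originally taken, arithmetic may move the current address freely (ANSI C allows one-past-the-end), and every access is checked against those bounds before memory is touched. The three-word `cptr` representation and all function names are assumptions made for the illustration; a checking compiler would emit this bookkeeping itself.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed "fat pointer" layout: the raw address plus the bounds of the
 * object whose address was taken.  A checking compiler would carry this
 * for every pointer; here it is built by hand for illustration. */
typedef struct {
    char *cur;    /* address the pointer currently refers to */
    char *base;   /* first byte of the originating object */
    char *limit;  /* one past the last byte of that object */
} cptr;

/* The "&obj" step: a checked pointer bound to one object of `size` bytes. */
static cptr cptr_make(void *obj, size_t size) {
    cptr p;
    p.cur = p.base = (char *)obj;
    p.limit = p.base + size;
    return p;
}

/* Pointer arithmetic only moves the current address; the standard permits
 * forming one-past-the-end, so no check is done until the pointer is used. */
static cptr cptr_add(cptr p, ptrdiff_t n) {
    p.cur += n;
    return p;
}

/* An access of `n` bytes at p.cur is legal iff it lies entirely within
 * [base, limit).  Returns 1 if in bounds, 0 otherwise. */
static int cptr_in_bounds(cptr p, size_t n) {
    return p.cur >= p.base && n <= (size_t)(p.limit - p.cur);
}

/* Checked byte store: refuse the write instead of corrupting whatever
 * lies beyond the object.  Returns 0 on success, -1 on a violation. */
static int cptr_store(cptr p, char v) {
    if (!cptr_in_bounds(p, 1))
        return -1;
    *p.cur = v;
    return 0;
}

/* Checked strcpy: the whole copy (including the NUL) is validated against
 * the destination bounds before any byte is written.  Returns the number
 * of bytes copied, or -1 if the copy would have overrun dst. */
static long checked_strcpy(cptr dst, const char *src) {
    size_t n = strlen(src) + 1;
    if (!cptr_in_bounds(dst, n))
        return -1;
    memcpy(dst.cur, src, n);
    return (long)n;
}

/* The classic overrun: a fixed 16-byte stack buffer and caller-supplied
 * input.  With a checked pointer the oversize copy is refused; with a raw
 * pointer it would overwrite whatever follows `buf` in the frame. */
long overrun_demo(const char *input) {
    char buf[16];
    cptr p = cptr_make(buf, sizeof buf);
    return checked_strcpy(p, input);
}

/* Walk a `size`-byte object for `steps` iterations the way an off-by-one
 * loop would.  Returns the first index whose store is refused, or -1 if
 * every store within `steps` was in bounds (-3 if size exceeds backing). */
long first_violation(size_t size, size_t steps) {
    char obj[64];
    if (size > sizeof obj)
        return -3;
    cptr p = cptr_make(obj, size);
    for (size_t i = 0; i < steps; i++) {
        if (cptr_store(cptr_add(p, (ptrdiff_t)i), 'A') != 0)
            return (long)i;
    }
    return -1;
}

int main(void) {
    printf("5-char copy into 16-byte buffer: %ld\n", overrun_demo("hello"));
    printf("16-char copy into 16-byte buffer: %ld\n", overrun_demo("0123456789ABCDEF"));
    printf("first refused index in a 16-byte walk: %ld\n", first_violation(16, 20));
    return 0;
}
```

The point the example makes is the one in the quoted text: the decision is taken from the bounds recorded when the address was formed, not from anything the raw address itself can tell you, so the cost is one extra comparison per access plus two extra words per pointer, and the failure mode becomes a detected fault rather than silent memory corruption.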