[3476] in cryptography@c2.net mail archive
Re: Medium-term real fix for buffer overruns
daemon@ATHENA.MIT.EDU (Phil Karn)
Wed Oct 14 22:53:17 1998
Date: Wed, 14 Oct 1998 19:37:54 -0700 (PDT)
From: Phil Karn <karn@qualcomm.com>
To: smb@research.att.com
CC: gnu@toad.com, reinhold@world.std.com, decius@ninja.techwood.org,
karn@qualcomm.com, cryptography@c2.net
In-reply-to: <199810150208.WAA25874@postal.research.att.com> (message from
Steve Bellovin on Wed, 14 Oct 1998 22:08:14 -0400)
>Today's offenders are strcat, strcpy, sprintf, and the like. Few programs
>use gets anymore -- after all, that was the problem, so people took it
>out of their code, and didn't bother to think further...
Good point. Arguably these functions should be expunged too, in favor
of strncat, strncpy, etc.
I agree with Perry that the better solution in the long run is to
switch to a language like Java or Perl that manages memory
automatically and carries the length of an object in the object
itself. This, and Perl's taint checking feature, nicely eliminate a
whole class of bugs that just seem to keep coming back in C.
Interpreted languages do worry me a little because of the potential
for bugs in the interpreter itself, which has to run as a highly
trusted piece of code.
Perl is the first language I've found to be worth learning since I
learned C in 1978. There are certainly *many* ugly things in Perl, but
the automatic memory management is really quite nice.
Phil
