[3495] in cryptography@c2.net mail archive


Re: Medium-term real fix for buffer overruns

daemon@ATHENA.MIT.EDU (Barney Wolff)
Fri Oct 16 14:00:04 1998

From: Barney Wolff <barney@databus.com>
To: cryptography@c2.net
Date: Thu, 15 Oct 1998 19:17 EDT

> Date: Thu, 15 Oct 1998 16:00:11 +0200
> From: Andreas Bogk <ich@andreas.org>
> 
> And other than Steve, I wouldn't just blame lousy code quality for what
> we see with C today. Every programmer has a limited set of problems
> that he can cope with at the same time. If he has to care about buffer
> overflows explicitly, he loses the time and capacity to cope with the
> original problem he wanted to solve with his program in the first place.

With all due respect, I disagree vigorously.  Validating input is a
habit, just like avoiding dog doo on the sidewalk in a city.  When the
habit is ingrained, it's automatic and cost-free.  Buffer overflow is
hardly the only thing that unconstrained input can do to you.

Barney Wolff  <barney@databus.com>
