Bugtraq mailing list archives
Re: at the risk of another flamefest..
From: jeremyp () gsms01 alcatel com au (Peter Jeremy)
Date: Tue, 16 Jul 1996 07:09:34 +1000
On Mon, 15 Jul 1996, David Stagner <stagda () ncs com> wrote:
Many, many well-proven languages handle array bounds checking for the programmer, and do so efficiently.
It might be worth noting that Richard W.M. Jones <rwmj () doc ic ac uk> has written some patches to gcc which add fine-grained bounds checking to C. Sources are in: ftp://dse.doc.ic.ac.uk/pub/misc/bcc Additional information at: http://www-dse.doc.ic.ac.uk/~rj3/bounds-checking.html http://www-ala.doc.ic.ac.uk/~phjk/BoundsChecking.html Unfortunately, the resultant code is substantially slower and is therefore really only suitable for testing - this seems primarily due to the requirement for bounds-checked code to fully interwork with non bounds- checked code.
What we need is a powerful, portable, widely used language that automagically handles bounds checking for us. Sounds like perl to me.:}
I disagree. Whilst perl at the script level hides array-bounds problems from the user, it is not a panacea. Firstly, the interpreter itself is written in C - thus it is possible that the interpreter itself may suffer from an array-bounds problem. Secondly, it is _very_ large (several times the size of sendmail) thus violating the KISS principle - which is particularly important for security tools. ---- Peter Jeremy (VK2PJ) peter.jeremy () alcatel com au Alcatel Australia Limited 41 Mandible St Phone: +61 2 690 5019 ALEXANDRIA NSW 2015 Fax: +61 2 690 5247 PGP fingerprint: 2A C6 47 D1 BF 56 5A 10 CC 02 2D 89 EA 10 AA 40
Current thread:
- Re: at the risk of another flamefest.. Peter Jeremy (Jul 15)
- Re: at the risk of another flamefest.. David Stagner (Jul 15)
- identd hole? Brett L. Hawn (Jul 15)
- Re: identd hole? Rob Quinn (Jul 16)
- <Possible follow-ups>
- Re: at the risk of another flamefest.. Eugene Bradley (Jul 15)
- Re: at the risk of another flamefest.. Eugene Bradley (Jul 15)
- Re: at the risk of another flamefest.. Mike Neuman (Jul 15)
- Re: at the risk of another flamefest.. Brian Clapper (Jul 16)
- Re: at the risk of another flamefest.. David Miller (Jul 16)
- Re: at the risk of another flamefest.. David Stagner (Jul 16)
- [linux-security] sliplogin David Holland (Jul 16)
(Thread continues...)