Bugtraq mailing list archives

Re: at the risk of another flamefest..

From: alan () ez0 ezlink com (Alan L. Wendt)
Date: Tue, 16 Jul 1996 00:37:37 -0600


If I may fan the flames further... I often wonder if we should blame
our Language of Choice, rather than bad programming practice.  It
seems to me that the bulk of code-based security problems these days
are buffer overflow-related.  Is this characteristic of poor coding,
or a misfeature of C?


I would vote for the standard library calls.   A library function that
accepts a pointer to a buffer area that is going to get written into,
without requiring a size parameter, is a travesty of two mockeries of a sham.

Alan

Current thread:

FIRST Conference & Workshop Plans, (continued)
- - FIRST Conference & Workshop Plans Ron Freund (Jul 09)
  - rdist exploit [bsdi] Brian Mitchell (Jul 09)
    - Re: rdist exploit [bsdi] Brian Tao (Jul 11)
    - Re: rdist exploit [bsdi] Damien Sorder (Jul 11)
    - Re: rdist exploit [bsdi] jaeger (Jul 12)
    - Re: rdist exploit [bsdi] Andrew N. Edmond (Jul 13)
    - Re: rdist exploit [bsdi] Andy Dills (Jul 13)
    - Re: rdist exploit [bsdi] Brian Tao (Jul 14)
    - at the risk of another flamefest.. *Hobbit* (Jul 14)
    - Re: at the risk of another flamefest.. David Stagner (Jul 15)
    - Re: at the risk of another flamefest.. Alan L. Wendt (Jul 15)
    - hpux 10.0 remote administration Matthew G. Harrigan (Jul 15)
    - Re: rdist exploit [bsdi] System Manager (Jul 13)
    - Re: rdist exploit [bsdi] Tom Bowman (Jul 12)
    - Re: rdist exploit [bsdi] Brian Tao (Jul 12)
    - Re: rdist exploit [bsdi] Cosimo Leipold (Jul 13)
    - Re: rdist exploit [bsdi] Jack Flory (Jul 13)
    - Re: rdist exploit [bsdi] Chris Caputo (Jul 13)
    - Re: rdist exploit [bsdi] Brian Mitchell (Jul 14)
  - BSD mail.local has race condition Travis Hassloch x231 (Jul 10)
- CERT Advisory CA-96.13.dip_vul (dip vulnerability). Jeff Uphoff (Jul 09)