Bugtraq mailing list archives

Re: EMERGENCY: new remote root exploit in UW imapd


From: achurch () DRAGONFIRE NET (Andy Church)
Date: Fri, 17 Jul 1998 08:48:58 EDT


Craig Spannring writes:
> Anonymous writes:
> > In some ways, it is depressing to find this new hole.  Programmers are
> > still making the same mistakes they have made for years.  Doesn't anyone
> > learn from the past? [...]
>
> C should not be used for trusted programs.  The lack of true arrays
> with array bounds checking alone makes it too hazardous.  How many
> buffer overflow attacks would we hear about if the trusted server
> programs were written using a language with bounds checking like
> Modula-2 or Ada?  Zero.

     How many file races and symlink-following errors (for example) would
we hear about if programs were written in such a language?  Lots.  You
don't get secure programs by relying on the language to secure your program
for you--you get it by PROGRAMMING SMARTLY.  I won't deny that C lets you
do lots of things that can be dangerous; but so does any other (useful)
language.  Does it let you open a file for writing?  That's dangerous--
suppose the file is /etc/passwd.  Does it let you use pointers?  That's
dangerous for obvious reasons.  (And if not, imagine the performance hit
when every array access has to be bounds-checked.  Security is good, but if
it drops performance into a tar pit you'll still have plenty of problems--
especially when your competitor is using a faster C program.)

     I have to say that I've never programmed in Ada or Modula-2 myself
(and it's been years since I've touched Pascal, which I recall as being
similar to Modula-2), so I can't comment on just how appropriate they'd be
to server programs or deny that using such a language could improve
security.  But we won't get _truly_ secure programs until people can
program securely; and people that can program securely can write secure
programs in _any_ language.

  --Andy Church                  | If Bell Atlantic really is the heart
    achurch () dragonfire net       | of communication, then it desperately
    www.dragonfire.net/~achurch/ | needs a quadruple bypass.
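An added example, not part of the post or the thread: the "symlink-following" bug class named in the reply, which array bounds checking does nothing about, beside the usual mitigation (atomic create with O_EXCL, O_NOFOLLOW, and an fstat() check on the descriptor rather than the path). It assumes a POSIX/Linux libc; the function names unsafe_create, safe_create and demo are my own, and the demo works only inside a private temp directory it creates.

```c
/* Added example (not from the original post): symlink following is a
 * file-handling bug, so a bounds-checked language would not prevent it. */
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>
/* Weak: if a symlink was planted at `path`, open() follows it and truncates its target. */
int unsafe_create(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}
/* Hardened: create atomically (O_EXCL), never follow a symlink at the last
 * component (O_NOFOLLOW), then check through the descriptor rather than
 * the path that we hold a regular file we own.  Returns fd or -1. */
int safe_create(const char *path)
{
    struct stat st;
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0) return -1;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_uid != geteuid()) {
        close(fd);
        return -1;
    }
    return fd;
}
/* Demo: a constructed "victim" file, a symlink to it, and both creators tried
 * on the symlink path.  Returns 1 if the weak one followed the link (victim
 * now empty) while the safe one refused it yet still created a fresh file. */
int demo(void)
{
    char dir[] = "/tmp/symdemo-XXXXXX", victim[64], link[64], fresh[64];
    struct stat st;
    int fd, ok;
    if (!mkdtemp(dir)) return 0;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(link, sizeof link, "%s/link", dir);
    snprintf(fresh, sizeof fresh, "%s/fresh", dir);
    if ((fd = open(victim, O_WRONLY | O_CREAT, 0600)) < 0) return 0;
    if (write(fd, "data", 4) != 4 || symlink(victim, link) != 0) return 0;
    close(fd);
    int refused = safe_create(link) < 0;            /* EEXIST: link present */
    ok = (fd = safe_create(fresh)) >= 0;            /* ordinary path works */
    if (ok) close(fd);
    if ((fd = unsafe_create(link)) >= 0) close(fd); /* follows the link */
    int truncated = stat(victim, &st) == 0 && st.st_size == 0;
    unlink(fresh); unlink(link); unlink(victim); rmdir(dir);
    return refused && ok && truncated;
}
```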
