Bugtraq mailing list archives

Re: EMERGENCY: new remote root exploit in UW imapd

From: cts () INTERNETCDS COM (Craig Spannring)
Date: Tue, 21 Jul 1998 15:00:19 -0700


Kragen writes:


I've heard that bounds-checking typically increases the time to do
things by 30-50%.  The bounds-checking egcs people are optimistic that
this can be reduced.  Even so, it's much smaller than the variance
introduced by different degrees of optimization and efficient
design.


Since C was never designed to do bounds checking it will be hard to
retrofit it efficiently.

Other languages such as Ada have a much easier time.  For instance if
you compile the following program with gnat the compiler figures out
that no array bounds checking is needed and you take a 0% performance
hit.

  with Ada.Text_Io; use Ada.Text_Io;
  with Ada.Integer_Text_Io; use Ada.Integer_Text_Io;
  procedure Foo is

    type My_Index is range -10..10;
    type My_Array is array(My_index) of Integer;

    A: My_Array;
    function Sum(Arr: in My_Array) return Integer is
       Result: Integer := 0;
    begin
       for I in My_Index loop
          Result := Result + Arr(I);
       end loop;
       return Result;
    end Sum;

    T: Integer;
    begin
       for I in My_Index loop
          Put("Input a number ");
          Get(A(I));
       end loop;
       Put("The sum is "); Put(Sum(A)); New_Line;
    end Foo;

In fact the gnat people say that the assembly output is almost
identical to what gcc would produce with an equivalent C program.

I haven't written a lot of Ada code and none professionally, but I did
play around writing the bootstrap code for a PC once.  The boot strap
code needs to fit into the first 7K of a floppy and that's not a lot
of space.  If the code had raised any exceptions the required runtime
exception functions would not have fit in the space allowed.

It was the code size I had to worry about, not the speed, but in this
case being able to show that I wasn't taking a code size hit also
showed that I wasn't taking a performance hit either.


--
=======================================================================
 Life is short.                  | Craig Spannring
      Ski hard, Bike fast.       | cts () internetcds com
 --------------------------------+------------------------------------
 Any sufficiently perverted technology is indistinguishable from Perl.
=======================================================================

Current thread:

Re: New Java Security Flaw Found, (continued)
- - - Re: New Java Security Flaw Found Sean Garagan (Jul 20)
  - Fwd: Security warning: Netscape 4.0x https & Squid 1.2beta proxy Fred Donck (Jul 20)
  - N-Base Vulnerability Advisory TTSG (Jul 20)
  - IRIX 6.4 ioconfig(1M) and disk_bandwidth(1M) Vulnerability SGI Security Coordinator (Jul 20)
  - IRIX 6.3 & 6.4 mailcap vulnerability SGI Security Coordinator (Jul 20)
  - Bounds Checking Aleph One (Jul 20)
    - Re: Bounds Checking Ari Heitner (Jul 21)
    - Re: Bounds Checking Andrew McNaughton (Jul 21)
- Re: EMERGENCY: new remote root exploit in UW imapd Andy Church (Jul 17)
  - Re: EMERGENCY: new remote root exploit in UW imapd Kragen (Jul 21)
    - Re: EMERGENCY: new remote root exploit in UW imapd Craig Spannring (Jul 21)
- Re: EMERGENCY: new remote root exploit in UW imapd matt (Jul 17)
- Re: EMERGENCY: new remote root exploit in UW imapd Niall Smart (Jul 17)
  - Bounds checking - historical aside Russell Fulton (Jul 20)
    - Re: Bounds checking - historical aside Brett Glass (Jul 21)
  - Re: EMERGENCY: new remote root exploit in UW imapd Alex Belits (Jul 20)
  - Re: EMERGENCY: new remote root exploit in UW imapd Kragen (Jul 21)
- Re: EMERGENCY: new remote root exploit in UW imapd Allen Smith (Jul 20)
- Re: EMERGENCY: new remote root exploit in UW imapd Allanah Myles (Jul 20)
  - Re: EMERGENCY: new remote root exploit in UW imapd Dave Andersen (Jul 21)
- Re: EMERGENCY: new remote root exploit in UW imapd Jim Greene (Jul 21)

(Thread continues...)