Bugtraq mailing list archives

Re: On compilers and bounds checking (was: EMERGENCY: new remote


From: mouse () RODENTS MONTREAL QC CA (der Mouse)
Date: Wed, 22 Jul 1998 08:17:14 -0400


> There will always be poor programmers out there so long as we don't
> require authenticated IQ results with each software package :).

True.  But I'd place the period after "there".

Even requiring "authenticated IQ results" wouldn't help much, though:

(a) The presence of intelligence is no guarantee of its use.  (Anyone
who's hung out with Mensans knows this.)

(b) Even the best programmers make mistakes.  (I recently installed inn
2.0.  It comes with inndstart, a little set-uid program that's designed
to be small enough to be vetted by hand by paranoid sysadmins.  Reading
over the code, I found two buffer overruns - sprintf of user data into
a fixed-size buffer.  I've mailed inn-bugs about them, and don't mind
mentioning them here anyway because they aren't obviously exploitable.
My point is just that inn is *not* the work of the room-temperature IQ
crowd, and it *still* has a classic buffer overrun, in a program
specifically intended to be a tiny little secure do-one-thing.)

                                        der Mouse

                               mouse () rodents montreal qc ca
                     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
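The defect der Mouse describes in point (b), sprintf of user data into a fixed-size buffer, is shown below beside a bounded replacement. This is an added illustration, not code from the post or from inn's inndstart; the "Hello, %s!" format, the 64-byte buffer and the constructed inputs are assumptions chosen for the example.

```c
#include <stdio.h>
#include <string.h>
#include <stdbool.h>

#define BUF_SIZE 64

/* The pattern the post describes, kept only for contrast: sprintf has no
 * idea how large buf is, so input longer than the buffer overruns it. */
void format_greeting_unsafe(char *buf, const char *user)
{
    sprintf(buf, "Hello, %s!", user);
}

/* Bounded replacement. snprintf never writes past bufsize and always
 * NUL-terminates (for bufsize > 0); its return value is the length the
 * full output would have had, so a value >= bufsize means truncation.
 * Returns true only when the whole string fit, letting the caller refuse
 * rather than silently continue with a clipped value. */
bool format_greeting_bounded(char *buf, size_t bufsize, const char *user)
{
    int n = snprintf(buf, bufsize, "Hello, %s!", user);
    if (n < 0)
        return false;               /* encoding error */
    if ((size_t)n >= bufsize)
        return false;               /* output was truncated */
    return true;
}

/* Self-check: a short (constructed) name fits and is formatted intact. */
int check_short_input(void)
{
    char buf[BUF_SIZE];
    return format_greeting_bounded(buf, sizeof buf, "alice")
        && strcmp(buf, "Hello, alice!") == 0;
}

/* Self-check: a constructed 199-byte name is rejected, and the buffer is
 * still NUL-terminated inside its bounds instead of being overrun. */
int check_long_input(void)
{
    char buf[BUF_SIZE];
    char oversized[200];
    memset(oversized, 'A', sizeof oversized - 1);
    oversized[sizeof oversized - 1] = '\0';
    bool ok = format_greeting_bounded(buf, sizeof buf, oversized);
    return !ok && strlen(buf) == BUF_SIZE - 1;
}

int main(void)
{
    printf("short input ok: %d\n", check_short_input());
    printf("long input rejected: %d\n", check_long_input());
    return 0;
}
```

The bounded version does not make the caller's logic correct by itself; it only turns an out-of-bounds write into a detectable failure, which is the check a reviewer would look for in a small set-uid program like the one the post describes.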
