RE: Coding securely, was Linux (in)security

[Paul Schmehl <pauls () utdallas edu>]

--On Sunday, October 26, 2003 7:25 PM -0800 Chris Eagle 
<cseagle () redshift com> wrote:
> That is the most backward thing I have ever heard.  So you are saying all
> I need to do as a programmer is tell you not to pass a negative
> number/null pointer/un-initialized value... to my function and I am off
> the hook.  All I can say is that I am glad utdallas doesn't have you
> teaching programming. The fact that you are unaware what lies inside the
> black box in no way relieves the responsibility of the designer of the
> black box to make sure that it behaves predictably under all input cases.
No, that is not what I'm saying.  What I'm saying is that the programmer 
should not *expect* the subroutine to do his error checking for him.  If 
*everyone* wrote code that way, including the writer of the subroutine, we 
wouldn't have the problems we have with buffer overflows.

The problem we have now is everyone is expecting someone *else* to do the 
error checking, when in fact everyone should be expecting exactly the 
opposite.

However, what you are expecting the writer of the subroutine to do is 
anticipate every possible input, and that may not be possible in all cases. 
Certainly the writer should do error checking, but that doesn't alleviate 
the *user* of the subroutine from doing their job.

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html