C considered harmful: was Debian attacker may have used new exploit
Peter Hiscocks
phiscock-g851W1bGYuGnS0EtXVNi6w at public.gmane.org
Thu Dec 4 03:55:43 UTC 2003
OK, I hate to flog a dead horse but really:
This exploit, like others against Unix machines many years ago, was based on
a buffer overflow dumping the user into supervisor space. This, in turn, is
a direct result of the fact that the C programming language does not check
or enforce limits on a string length or buffer size - that's left up to the
individual programmer.
Surely, given the importance of security, it should be possible to fix the C
language (or my preference, use a different one) to do systems programming.
After all, C is not so much a systems programming language as a high-level
version of assembly language.
Years ago, Philippe Kahn of Borland said that 'C is a disease and the
Americans are spreading it.' Maybe he had this kind of thing in mind.
Peter
(Incidentally, a former prof at Ryerson, Heather Hinton, was working on
such a mechanism to prevent stack overflows. I guess it's never been widely
adopted.)
On Wed, Dec 03, 2003 at 10:22:01PM -0500, Tom Legrady wrote:
> When the thread gets around to Hitler, the horse is not only dead, but
> already boiled down for glue.
>
> Next topic, please.
>
> Tom
>
> >On Wed, Dec 03, 2003 at 05:11:38PM -0500, JoeHill wrote:
> >
> >
> >>So, to end the thread, placing limits on the free exchange of any information,
> >>whether it is for some limited time or perceived good, is the kind of slippery
> >>slope that leads to a regime **Hitler** would have loved ;-)
> >>
> >>
>
> --
> The Toronto Linux Users Group. Meetings: http://tlug.ss.org
> TLUG requests: Linux topics, No HTML, wrap text below 80 columns
> How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
--
Peter D. Hiscocks
Department of Electrical and Computer Engineering
Ryerson University,
350 Victoria Street,
Toronto, Ontario, M5B 2K3, Canada
Phone: (416) 979-5000 Ext 6109
Fax: (416) 979-5280
Email: phiscock-g851W1bGYuGnS0EtXVNi6w at public.gmane.org
URL: http://www.ee.ryerson.ca/~phiscock