C considered harmful: was Debian attacker may have used new exploit

Peter Hiscocks phiscock-g851W1bGYuGnS0EtXVNi6w at public.gmane.org
Thu Dec 4 03:55:43 UTC 2003 

OK, I hate to flog a dead horse but really:

This exploit, like others against Unix machines many years ago, was based on
a buffer overflow dumping the user into supervisor space. This, in turn, is
a direct result of the fact that the C programming language does not check
or enforce limits on a string length or buffer size - that's left up to the
individual programmer.

Surely, given the importance of security, it should be possible to fix the C
language (or my preference, use a different one) to do systems programming.
After all, C is not so much a systems programming language as a high-level
version of assembly language.

Years ago, Philipe Khan of Borland said that 'C is a disease and the
Americans are spreading it.' Maybe he had this kind of thing in mind.

Peter

(Incidentally, a former profs at Ryerson, Heather Hinton, was working on
such a mechanism to prevent stack overflows. I guess it's never been widely
adopted.)


On Wed, Dec 03, 2003 at 10:22:01PM -0500, Tom Legrady wrote:
> When the thread gets around to Hitler, the horse is not only dead, but 
> already boiled down for glue.
> 
> Next topic, please.
> 
> Tom
> 
> >On Wed, Dec 03, 2003 at 05:11:38PM -0500, JoeHill wrote:
> >  
> >
> >>So, to end the thread, placing limits on the free exchange of any information,
> >>whether it is for some limited time or perceived good, is the kind of slippery
> >>slope that leads to a regime **Hitler** would have loved ;-)
> >>    
> >>
> 
> --
> The Toronto Linux Users Group.      Meetings: http://tlug.ss.org
> TLUG requests: Linux topics, No HTML, wrap text below 80 columns
> How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml

-- 
Peter D. Hiscocks                         	   
Department of Electrical and Computer Engineering    
Ryerson University,                    
350 Victoria Street,
Toronto, Ontario, M5B 2K3, Canada

Phone:   (416) 979-5000 Ext 6109
Fax:     (416) 979-5280
Email:   phiscock-g851W1bGYuGnS0EtXVNi6w at public.gmane.org
URL:     http://www.ee.ryerson.ca/~phiscock
--
The Toronto Linux Users Group.      Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml

More information about the Legacy mailing list