C considered harmful: was Debian attacker may have used new exploit

Henry Spencer henry-lqW1N6Cllo0sV2N9l4h3zg at public.gmane.org
Thu Dec 4 04:30:28 UTC 2003 

On Wed, 3 Dec 2003, Peter Hiscocks wrote:
> This exploit, like others against Unix machines many years ago, was based on
> a buffer overflow dumping the user into supervisor space.

Actually, no, as I understand it (with the caveat that I haven't really
gone investigating), this one is *not* a buffer overflow, exactly.  It's
the result of *integer* overflow in (essentially) a buffer-overflow check. 
A language with automatic buffer-overflow checks could easily have the
same vulnerability, if the implementor wasn't careful. 

> This, in turn, is
> a direct result of the fact that the C programming language does not check
> or enforce limits on a string length or buffer size - that's left up to the
> individual programmer.

As has often been said, C gives you all the rope you need to hang yourself.

> After all, C is not so much a systems programming language as a high-level
> version of assembly language.

Oddly enough, it has pushed most "real" systems programming languages out
of the business.  And this is *not* because of sharp marketing tactics or
firm backing by a big organization or dot-com hype -- quite the contrary. 
It succeeded because people with work to do find it easier to get results
in C than in "real" systems programming languages, and so it spread and
prospered despite inept or nonexistent marketing, uncertain support, and a
marked dearth of hype. 

It behooves people who aspire to design systems programming languages to
*PAY* *ATTENTION* *DAMMIT*, rather than just casting aspersions on the
intelligence and judgement of the customer.  It is their own damn fault;
their languages keep failing, and C keeps succeeding despite its nasty
flaws, because they keep ignoring the needs of the real language users. 
People went with C because it did what they wanted, instead of telling
them they shouldn't want that.

> Years ago, Philipe Khan of Borland said that 'C is a disease and the
> Americans are spreading it.' Maybe he had this kind of thing in mind.

I don't think it is impossible to keep C's virtues while eliminating its
more grievous faults.  But it will not be done by people who look down
their long aristocratic noses at C, and scorn it as a peasant's language
of no interest to them. 

                                                          Henry Spencer
                                                       henry-lqW1N6Cllo0sV2N9l4h3zg at public.gmane.org


--
The Toronto Linux Users Group.      Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml

More information about the Legacy mailing list