C considered harmful
Anthony de Boer
adb-tlug-AbAJl/g/NLXk1uMJSBkQmQ at public.gmane.org
Thu Dec 4 18:42:39 UTC 2003
Peter Hiscocks wrote:
> So, it is an interesting challenge to the language writers to create
> something that has the power of the C language and still does (say)
> automatic checking of array bounds.
This idea may be fine within an application, but it breaks down at
security boundaries like the user/kernel interface, since the kernel had
better not trust the user program's claim of the size of an array (this
being an approximation of how Debian got burned), also since the kernel
is dynamically carving out chunks of memory for things, and since "one
man's program is another man's data" (the whole program may be one array
of mere data to the kernel).
There's a lot that can be fixed with opaque handles to structures (e.g.
Dan Bernstein's string library as opposed to the traditional C library's
simple char * string implementation); C++ formalizes some such ideas,
but a prudent C programmer can write better code without needing C++'s
extra baggage.
--
Anthony de Boer
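As an added illustration of the two points in the post above (a callee at a trust boundary checking a caller's claimed length against the space it actually owns, and a length-carrying opaque string handle in the spirit of djb's string library), here is C code that is not from the post or from any library it mentions. The NAME_CAP buffer, the strbuf type and the demo_* functions are hypothetical and exist only for this example.

```c
/* Added example (not from the original post): two ways a C program can
 * avoid trusting a caller's claim about an array's size.
 *
 * 1. At a trust boundary (modelled here as a "kernel" routine receiving a
 *    length from "user space"), the callee checks the claimed length against
 *    the capacity it controls itself instead of believing the caller.
 * 2. Inside a program, an opaque handle that carries its own length and
 *    capacity keeps the bounds next to the bytes, so every operation can
 *    check them (hypothetical minimal version, not djb's stralloc).
 */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define NAME_CAP 16   /* hypothetical fixed-size kernel-side buffer */

/* Copy user_len bytes of user_src into a kernel-owned buffer. user_len is
 * untrusted: it is rejected, never used as-is, when it exceeds the space
 * the callee owns. Returns bytes copied, or -1 if the claim does not fit. */
int kernel_copy_name(char dst[NAME_CAP], const char *user_src, size_t user_len)
{
    if (user_src == NULL || user_len >= NAME_CAP)   /* leave room for NUL */
        return -1;
    memcpy(dst, user_src, user_len);
    dst[user_len] = '\0';
    return (int)user_len;
}

/* Drive kernel_copy_name with a constructed 32-byte "user" buffer and the
 * caller's claimed length. Returns kernel_copy_name's result, or -2 if the
 * copied string is not terminated where it should be. */
int demo_trust_boundary(size_t claimed_len)
{
    char user_buf[32];
    char kernel_buf[NAME_CAP];
    memset(user_buf, 'A', sizeof user_buf);   /* constructed user data */
    int r = kernel_copy_name(kernel_buf, user_buf, claimed_len);
    if (r >= 0 && strlen(kernel_buf) != claimed_len)
        return -2;
    return r;
}

/* Opaque bounded string. Callers only use the handle and the functions
 * below; in a real library the struct definition would live in the .c file. */
typedef struct strbuf strbuf;
struct strbuf {
    size_t len;   /* bytes in use, excluding the terminating NUL */
    size_t cap;   /* bytes allocated */
    char  *data;
};

strbuf *strbuf_new(void)
{
    strbuf *sb = malloc(sizeof *sb);
    if (sb == NULL) return NULL;
    sb->cap = 8;
    sb->len = 0;
    sb->data = malloc(sb->cap);
    if (sb->data == NULL) { free(sb); return NULL; }
    sb->data[0] = '\0';
    return sb;
}

/* Append n bytes, growing the buffer as needed; never writes past cap. */
int strbuf_append(strbuf *sb, const char *src, size_t n)
{
    if (sb == NULL || src == NULL) return -1;
    if (n > SIZE_MAX - sb->len - 1) return -1;      /* size_t overflow guard */
    size_t need = sb->len + n + 1;                  /* +1 for the NUL */
    if (need > sb->cap) {
        size_t ncap = sb->cap;
        while (ncap < need) {
            if (ncap > SIZE_MAX / 2) return -1;
            ncap *= 2;
        }
        char *p = realloc(sb->data, ncap);
        if (p == NULL) return -1;
        sb->data = p;
        sb->cap = ncap;
    }
    memcpy(sb->data + sb->len, src, n);
    sb->len += n;
    sb->data[sb->len] = '\0';
    return 0;
}

size_t strbuf_len(const strbuf *sb) { return sb->len; }
const char *strbuf_cstr(const strbuf *sb) { return sb->data; }
void strbuf_free(strbuf *sb) { if (sb) { free(sb->data); free(sb); } }

/* Append three constructed pieces, forcing the buffer to grow past its
 * initial 8 bytes. Returns the final length, or -1 on any failure. */
int demo_opaque_string(void)
{
    const char *parts[] = { "one man's program ", "is another man's ", "data" };
    strbuf *sb = strbuf_new();
    if (sb == NULL) return -1;
    for (size_t i = 0; i < 3; i++)
        if (strbuf_append(sb, parts[i], strlen(parts[i])) != 0) { strbuf_free(sb); return -1; }
    int ok = strcmp(strbuf_cstr(sb), "one man's program is another man's data") == 0;
    int len = ok ? (int)strbuf_len(sb) : -1;
    strbuf_free(sb);
    return len;
}
```

The boundary routine never lets the caller's number decide how much it writes; the handle never lets the caller see or set the length at all. Both are plain C, which is the point the post makes about not needing C++ for this.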
--
The Toronto Linux Users Group. Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml