C considered harmful

Peter L. Peres plp-ysDPMY98cNQDDBjDh4tngg at public.gmane.org
Thu Dec 4 19:34:34 UTC 2003


On Thu, 4 Dec 2003, Anthony de Boer wrote:

> Peter Hiscocks wrote:
> > So, it is an interesting challenge to the language writers to create
> > something that has the power of the C language and still does (say)
> > automatic checking of array bounds.
>
> This idea may be fine within an application, but it breaks down at
> security boundaries like the user/kernel interface, since the kernel had
> better not trust the user program's claim of the size of an array (this

And it does not. The kernel invariably verifies the access rights on the
passed data field, whose size is explicitly passed to the kernel, before
doing anything else. If it does not, then there is a bug in the kernel,
not in C.

Peter
--
The Toronto Linux Users Group.      Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
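As an added example (not from the thread and not the kernel's own code), a C sketch of the check Peter describes: the handler on the kernel side validates the caller's pointer/length window against the address range it is allowed to read before it copies a single byte. `user_region`, `range_is_user`, `sys_copy_in`, `demo_copy` and the 64-byte cap are assumptions of this sketch, not Linux identifiers.

```c
/* Added illustration of the kernel-boundary pattern discussed above.
 * The "kernel" never trusts the caller's claimed size: the window
 * [uptr, uptr+len) is range-checked first, then copied. All names are
 * hypothetical stand-ins, not real kernel APIs. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define KBUF_MAX 64   /* hard cap on bytes one call may hand to the kernel */

/* Constructed stand-in for the calling task's user address space. */
static unsigned char user_region[256];
static unsigned char kbuf[KBUF_MAX];

/* access_ok-style check: the window must fit the cap, lie wholly inside
 * the user region, and not wrap around the address space. Pointers are
 * compared as integers so nothing is dereferenced here. */
static int range_is_user(const void *ptr, size_t len)
{
    uintptr_t lo   = (uintptr_t)ptr;
    uintptr_t base = (uintptr_t)user_region;
    uintptr_t end  = base + sizeof user_region;
    if (len > KBUF_MAX)        return 0;
    if (lo < base || lo > end) return 0;
    if (len > end - lo)        return 0;  /* overflow-free upper bound */
    return 1;
}

/* "Syscall": copy user bytes into the kernel buffer. Returns the byte
 * count, or -1 (EFAULT-like) when the claimed window is rejected. */
static long sys_copy_in(const void *uptr, size_t len)
{
    if (!range_is_user(uptr, len))
        return -1;                        /* reject before touching data */
    memcpy(kbuf, uptr, len);
    return (long)len;
}

/* Helper: issue the call for a window at byte offset `off` of the
 * user region (offsets past the region model a bogus user pointer). */
long demo_copy(size_t off, size_t len)
{
    const void *uptr = (const void *)((uintptr_t)user_region + off);
    return sys_copy_in(uptr, len);
}

int main(void)
{
    printf("%ld\n", demo_copy(0, 16));     /* 16: valid window        */
    printf("%ld\n", demo_copy(250, 16));   /* -1: runs past the region */
    printf("%ld\n", demo_copy(0, 65));     /* -1: exceeds KBUF_MAX     */
    return 0;
}
```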