Date: Tue, 21 Jul 1998 12:58:59 -0600
From: Brett Glass <brett@lariat.org>
To: "Jordan K. Hubbard" <jkh@time.cdrom.com>
Cc: security@FreeBSD.ORG
Subject: Re: Projects to improve security (related to C)
Message-ID: <199807211859.MAA14931@lariat.lariat.org>
In-Reply-To: <8134.901020116@time.cdrom.com>
References: <Your message of "Tue, 21 Jul 1998 05:20:24 MDT." <199807211120.FAA07335@lariat.lariat.org>

At 04:21 AM 7/21/98 -0700, Jordan K. Hubbard wrote:

>I suspect Theo would disagree with you, but short of switching
>everyone over to Java or installing a series of band-aid patches which
>only fix _some_ of the problems (and, in security, that really is
>locking the door while leaving the window open) I fail to see how you
>intend to deal with it in any more pragmatic a fashion.

Well, I've looked this week at the possibility of doing a mechanical translation of FreeBSD into a type-safe language with range and bounds checking, then fixing the trouble spots manually. Apparently, there's a company called Reasoning Systems that actually has tools that can do such things.

In the meantime, there are some things that can be done even with the code still written in C. We can (and must!) bite the bullet and kick sprintf, vsprintf, and similar functions OUT of the libraries. Yes, it'll be a bit of a pain, but... no pain, no gain.

Other exploits will, of course, have to be handled in other ways. But taking a hopeless attitude (i.e. we can't close all the holes right away, so why close any?) is leaving ALL the doors and windows open. And that's worse.

--Brett
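
An added example (not part of the original message and not FreeBSD code) of what replacing an sprintf call looks like in practice: a bounded wrapper around vsnprintf, which is standard since C99, that treats truncation as an error instead of writing past the buffer. The helper names fmt_bounded and build_profile_path, the sample path and the user names are assumptions made for illustration.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not a libc function): format into dst, never writing
 * more than dstsize bytes. Returns 0 on success, -1 if the output did not
 * fit or formatting failed. On failure dst is set to the empty string so a
 * silently truncated value is never used by mistake. */
int fmt_bounded(char *dst, size_t dstsize, const char *fmt, ...)
{
    va_list ap;
    int n;

    if (dst == NULL || dstsize == 0)
        return -1;

    va_start(ap, fmt);
    n = vsnprintf(dst, dstsize, fmt, ap);   /* bounded, unlike vsprintf */
    va_end(ap);

    /* n is the length the complete output needs (excluding the NUL);
     * n >= dstsize therefore means the result was truncated. */
    if (n < 0 || (size_t)n >= dstsize) {
        dst[0] = '\0';
        return -1;
    }
    return 0;
}

/* Constructed sample: build "/home/<user>/.profile" in a caller-supplied
 * buffer. With sprintf(path, ...) a long user name would be written past
 * the end of path; here the call fails and the caller can reject it. */
int build_profile_path(char *path, size_t pathsize, const char *user)
{
    return fmt_bounded(path, pathsize, "/home/%s/.profile", user);
}

int main(void)
{
    char path[32];
    const char *too_long = "a-user-name-much-longer-than-the-buffer-allows";

    printf("%d \"%s\"\n", build_profile_path(path, sizeof path, "alice"), path);
    printf("%d \"%s\"\n", build_profile_path(path, sizeof path, too_long), path);
    return 0;
}
```
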