From owner-freebsd-current Thu Feb 6 19:16:30 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id TAA26849 for current-outgoing; Thu, 6 Feb 1997 19:16:30 -0800 (PST) Received: from who.cdrom.com (who.cdrom.com [204.216.27.3]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id TAA26808 for ; Thu, 6 Feb 1997 19:16:20 -0800 (PST) Received: from parkplace.cet.co.jp (parkplace.cet.co.jp [202.32.64.1]) by who.cdrom.com (8.7.5/8.6.11) with ESMTP id SAA19712 for ; Thu, 6 Feb 1997 18:09:27 -0800 (PST) Received: from localhost (michaelh@localhost) by parkplace.cet.co.jp (8.8.5/CET-v2.1) with SMTP id CAA06106; Fri, 7 Feb 1997 02:09:19 GMT Date: Fri, 7 Feb 1997 11:09:19 +0900 (JST) From: Michael Hancock To: Warner Losh cc: current@FreeBSD.ORG Subject: Re: How paranoid is Theo? (was Re: Karl fulminates, film at 11. == , thanks) In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-current@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk On Thu, 6 Feb 1997, Warner Losh wrote: > : Cool. You can establish a contract of trust between called functions and > : calling functions and not waste time fixing things that aren't > : exploitable. > > That's true to a point, but it takes a lot of time, sometimes, to > establish that path of trust, especially in a large program. And the I see your point. On the other hand, establishing that path of trust would lead to more understanding. (Yeah, I know, time is a luxury) > time isn't wasted (unless you are in firedrill mode) fixing those > buffer overflows. Your programs are just more robust :-). Here are my rankings for three dimensions of software quality: 1) Correctness 2) Performance 3) Robustness Fixing all buffer flows is: 1) Robustness 2) Correctness 3) Performance In some cases, robustness is contrary to correctness. But in this case I guess it isn't so I won't say anymore and we can just agree to disagree. Regards, Mike Hancock