Date:      Wed, 22 Jul 1998 18:23:24 -0400
From:      Brian Cully <shmit@kublai.com>
To:        Brett Glass <brett@lariat.org>, "Jordan K. Hubbard" <jkh@time.cdrom.com>
Cc:        security@FreeBSD.ORG
Subject:   Re: Projects to improve security (related to C)
Message-ID:  <19980722182324.26248@kublai.com>
In-Reply-To: <199807211859.MAA14931@lariat.lariat.org>; from Brett Glass on Tue, Jul 21, 1998 at 12:58:59PM -0600
References:  <Your <199807211120.FAA07335@lariat.lariat.org> <8134.901020116@time.cdrom.com> <199807211859.MAA14931@lariat.lariat.org>

On Tue, Jul 21, 1998 at 12:58:59PM -0600, Brett Glass wrote:
> In the meantime, there are some things that can be done even with the
> code still written in C. We can (and must!) bite the bullet and kick sprintf,
> vsprintf, and similar functions OUT of the libraries. Yes, it'll be a
> bit of a pain, but... no pain, no gain.

Uhh... what? I seriously hope you're not suggesting that programmers
should not have access to the various un-bounds-checked functions.

I know that when I program, I instinctively put an `n' in my function
calls, but sometimes that's not possible, so I make sure that arrays are
bounds-checked before going into the call. Any reasonable programmer will
flinch at using the un-checked versions of the calls and do his damndest
to make sure there's no overflow condition.

Sure, there are bad programmers out there, who don't bother with the
appropriate steps, but that doesn't mean the good ones should suffer.

-- 
Brian Cully						<shmit@erols.com>
``And when one of our comrades was taken prisoner, blindfolded, hung
  upside-down, shot, and burned, we thought to ourselves, `These are the
  best experiences of our lives''' -Pathology (Joe Frank, Somewhere Out There)
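
The two habits described in the message above (using the `n' variant, and bounds-checking before an unchecked call), as an added example that is not part of the original e-mail or of FreeBSD code. The helper names join_bounded and join_prechecked, the path format and the buffer sizes are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: bounded variant ("put an n in the call").
 * Returns 0 on success, -1 if the result would not fit or on error. */
int join_bounded(char *dst, size_t dstsz, const char *dir, const char *file)
{
    int n;

    if (dstsz == 0)
        return -1;
    n = snprintf(dst, dstsz, "%s/%s", dir, file);
    /* snprintf returns the length it wanted to write; >= dstsz means truncation. */
    if (n < 0 || (size_t)n >= dstsz) {
        dst[0] = '\0';          /* do not hand back a silently truncated path */
        return -1;
    }
    return 0;
}

/* Hypothetical helper: unchecked call guarded by an explicit length check. */
int join_prechecked(char *dst, size_t dstsz, const char *dir, const char *file)
{
    size_t dlen = strlen(dir), flen = strlen(file);

    /* Need dlen + 1 ('/') + flen + 1 (NUL) bytes; ordered to avoid size_t wraparound. */
    if (dstsz < 2 || dlen > dstsz - 2 || flen > dstsz - 2 - dlen) {
        if (dstsz > 0)
            dst[0] = '\0';
        return -1;
    }
    sprintf(dst, "%s/%s", dir, file);   /* safe only because of the check above */
    return 0;
}

int main(void)
{
    char buf[16];                        /* constructed sample size and inputs */

    printf("%d %s\n", join_bounded(buf, sizeof buf, "/etc", "passwd"), buf);
    printf("%d\n", join_prechecked(buf, sizeof buf, "/usr/local/etc", "rc.conf"));
    return 0;
}
```

Both helpers reject the same inputs; the difference is that the pre-checked form stays correct only as long as the length arithmetic and the format string are kept in step by hand.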
