From: Brian Cully
To: Brett Glass, "Jordan K. Hubbard"
Cc: security@FreeBSD.ORG
Date: Wed, 22 Jul 1998 18:23:24 -0400
Subject: Re: Projects to improve security (related to C)
Reply-To: shmit@kublai.com
Message-ID: <19980722182324.26248@kublai.com>
References: <8134.901020116@time.cdrom.com> <199807211859.MAA14931@lariat.lariat.org>
In-Reply-To: <199807211859.MAA14931@lariat.lariat.org>; from Brett Glass on Tue, Jul 21, 1998 at 12:58:59PM -0600
Sender: owner-freebsd-security@FreeBSD.ORG

On Tue, Jul 21, 1998 at 12:58:59PM -0600, Brett Glass wrote:
> In the meantime, there are some things that can be done even with the
> code still written in C. we can (and must!) bite the bullet and kick sprintf,
> vsprintf, and similar functions OUT of the libraries. Yes, it'll be a
> bit of a pain, but... no pain, no gain.

Uhh... what?
I seriously hope you're not suggesting that programmers should not have
access to the various un-bounds-checked functions. I know that when I
program, I instinctively put an `n' in my function calls, but sometimes
that's not possible, so I make sure that arrays are bounds-checked before
going into the call.

Any reasonable programmer will flinch at using the un-checked versions of
the calls and do his damndest to make sure there's no overflow condition.
Sure, there are bad programmers out there, who don't bother with the
appropriate steps, but that doesn't mean the good ones should suffer.

--
Brian Cully
``And when one of our comrades was taken prisoner, blindfolded, hung
upside-down, shot, and burned, we thought to ourselves, `These are the
best experiences of our lives''' -Pathology (Joe Frank, Somewhere Out There)
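The two disciplines the reply describes, as an added C example that is not code from this thread, from FreeBSD, or from either correspondent: the `n' variant (snprintf) with its return value checked for truncation, and the un-bounds-checked sprintf kept but only called after the caller has proved the result fits. The greet_* function names and the "Hello, <name>!" format are assumptions made for illustration; the unsafe greet_sprintf is shown for contrast and is never called.

```c
#include <stdio.h>
#include <string.h>

/*
 * Added example, not code from the thread. All greet_* names and the
 * "Hello, <name>!" format are hypothetical.
 *
 *   greet_sprintf    - the un-bounds-checked call the thread argues about;
 *                      nothing relates sizeof(dst) to strlen(name), so a
 *                      long name overruns dst. Shown only, never called.
 *   greet_snprintf   - the `n' variant; truncation detected from the return.
 *   greet_prechecked - keeps sprintf() but proves the bound before calling
 *                      it, which is the discipline the reply describes.
 */

/* UNSAFE: writes past dst whenever the formatted string exceeds the buffer. */
void greet_sprintf(char *dst, const char *name)
{
    sprintf(dst, "Hello, %s!", name);
}

/* Returns 0 on success, -1 if the result did not fit in dstlen bytes.
 * snprintf() NUL-terminates (for dstlen > 0) and returns the length the
 * full string would have had, so ret >= dstlen means it was truncated.
 * A negative return is an encoding error and is treated as failure too. */
int greet_snprintf(char *dst, size_t dstlen, const char *name)
{
    int ret = snprintf(dst, dstlen, "Hello, %s!", name);
    if (ret < 0 || (size_t)ret >= dstlen)
        return -1;
    return 0;
}

/* Same contract, but using sprintf(): the caller checks the bound first.
 * Bytes needed: the "Hello, " prefix, the name, the "!" suffix, and the
 * terminating NUL. If it does not fit, dst is left untouched. */
int greet_prechecked(char *dst, size_t dstlen, const char *name)
{
    size_t need = strlen("Hello, ") + strlen(name) + strlen("!") + 1;
    if (need > dstlen)
        return -1;
    sprintf(dst, "Hello, %s!", name);   /* bound proven above, so safe */
    return 0;
}

int main(void)
{
    char buf[16];
    /* Constructed inputs: one fits, one is exactly at the limit, one is
     * one byte too long, one is far too long. */
    const char *names[] = { "bob", "1234567", "12345678",
                            "a-name-that-is-far-too-long" };
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++) {
        int a = greet_snprintf(buf, sizeof buf, names[i]);
        int b = greet_prechecked(buf, sizeof buf, names[i]);
        printf("%-28s snprintf=%2d prechecked=%2d\n", names[i], a, b);
    }
    return 0;
}
```

Both checked forms reject the same inputs for a 16-byte buffer: a 7-character name fills it exactly (15 characters plus the NUL) and succeeds, an 8-character name fails. The difference is what happens on failure: greet_snprintf leaves a truncated but NUL-terminated string in the buffer, greet_prechecked leaves it untouched, so a caller that ignores the return value is safer with the pre-check.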