Date: Sat, 15 Aug 1998 00:13:39 +0000 (GMT)
From: Terry Lambert <tlambert@primenet.com>
To: joes@shasta.wstein.com (Joseph Stein)
Cc: brett@lariat.org, mike@smith.net.au, hackers@FreeBSD.ORG
Subject: Re: 64-bit time_t
Message-ID: <199808150013.RAA29219@usr04.primenet.com>
In-Reply-To: <199808141746.KAA20357@shasta.wstein.com> from "Joseph Stein" at Aug 14, 98 10:46:55 am
> > Security is also a safety issue. Use safe tools, and you're less likely
> > to create security holes.
>
> There is no such thing as a "safe" tool. You can write code in assembly
> language and still end up with security holes. Until someone writes a
> compiler (for *any* compiled language) that will test for every possible
> conceivable security holes (volunteers needed...) there will be security
> holes in *every* application -- that can be fixed when found, using, the
> "unsafe" tool that was used to create it.
>
> My 2c on this issue.

There is a branch path analysis tool in the comp.sources archives
which will generate full code coverage tests. It was written as an
example of the utility of the object oriented programming model used
by C++.

Unfortunately, it doesn't work on ANSI C, so you would have to remove
the ANSI-isms that have crept into the FreeBSD kernel, or you would
have to fix the tool.

The tool is not Grammar based, so fixing it would be a bitch. Rewriting
it would require a strong mathematical programmer (but I'm busy right
now, and all my code that is in C is K&R compilable, unless it's the
result of me maintaining already ANSI code).

Terry Lambert
terry@lambert.org
---
Any opinions in this posting are my own and not those of my present
or previous employers.