Bugtraq mailing list archives
Re: Buffer overflows. was Re: EMERGENCY: new remote root exploit
From: geoffk () DISCUS ANU EDU AU (Geoffrey KEATING)
Date: Mon, 20 Jul 1998 13:23:42 +1000
Date: Fri, 17 Jul 1998 15:49:02 -0700 From: Craig Spannring <cts () INTERNETCDS COM>
The responses I've gotten can be grouped into the following broad categories- 1) Life would be good if we eliminated C and we will. 2) Life would be good if we eliminated C, but we can't. 3) C is the only language fast enough. 3) Eliminating buffer overflows is nice, but won't solve most of the problems. 3) You can write safe code in C using strncpy, snprintf, et al. 4) Only morons write code with buffer overflows 5) Modula-2 and Ada suck and you do you.
You missed one: 5) Modula-2 and Ada are just as insecure if you turn off array bounds checking. The language is not the problem; it's the absence of array bounds checking. There are a number of C compilers that will check your bounds for you, there's even a modified gcc that will do this. -- Geoff Keating <Geoff.Keating () anu edu au>
Current thread:
- EMERGENCY: new remote root exploit in UW imapd Anonymous (Jul 16)
- Re: EMERGENCY: new remote root exploit in UW imapd Craig Spannring (Jul 16)
- Re: EMERGENCY: new remote root exploit in UW imapd Perry E. Metzger (Jul 16)
- Writing safe code: Java? (was: Re: EMERGENCY: new remote root Art Werschulz (Jul 21)
- Re: EMERGENCY: new remote root exploit in UW imapd Alec Kosky (Jul 16)
- Re: EMERGENCY: new remote root exploit in UW imapd Kragen (Jul 17)
- Buffer overflows. was Re: EMERGENCY: new remote root exploit in Craig Spannring (Jul 17)
- Re: Buffer overflows. was Re: EMERGENCY: new remote root exploit Geoffrey KEATING (Jul 19)
- Re: EMERGENCY: new remote root exploit in UW imapd FanLi Tai (Jul 18)
- Re: EMERGENCY: new remote root exploit in UW imapd Brett Lymn (Jul 19)
- Re: EMERGENCY: new remote root exploit in UW imapd Perry E. Metzger (Jul 16)
- SECURITY: imap-4.1.final now available twiztah (Jul 16)
- Verity/Search'97 Security Problems Jay Soffian (Jul 16)
- New Java Security Flaw Found Gary McGraw (Jul 17)
- Re: New Java Security Flaw Found Greg Alexander (Jul 18)
- Re: New Java Security Flaw Found Sean Garagan (Jul 20)
- Fwd: Security warning: Netscape 4.0x https & Squid 1.2beta proxy Fred Donck (Jul 20)
- N-Base Vulnerability Advisory TTSG (Jul 20)
- IRIX 6.4 ioconfig(1M) and disk_bandwidth(1M) Vulnerability SGI Security Coordinator (Jul 20)
- Re: New Java Security Flaw Found Greg Alexander (Jul 18)
(Thread continues...)
- Re: EMERGENCY: new remote root exploit in UW imapd Craig Spannring (Jul 16)