Bugtraq mailing list archives
Re: EMERGENCY: new remote root exploit in UW imapd
From: alec () dakotacom net (Alec Kosky)
Date: Thu, 16 Jul 1998 22:48:40 -0700
On 17-Jul-98 Craig Spannring wrote:
C should not be used for trusted programs. The lack of true arrays with array bounds checking alone makes it too hazardous. How many buffer overflow attacks would we hear about if the trusted server programs were written using a language with bounds checking like Modula-2 or Ada? Zero.
I like Ada's super-tight type, although at times it's trying, to say the least. The only major complaint I have against it is the lack of widespread support for it. I have only found one *nix-based compiler (GNAT), and I was not too impressed with it. I haven't used it extensively, so I can't comment on too much, but from what I remember it didn't have a large set of libraries. Perhaps things have changed in the past year... On the DOS/Windows based side of things, the situation is only slightly better (last I knew). The only two decent (but commercial) compilers that I knew of were the Meridian Ada compiler and the Janus Ada compiler, and the Meridian was by far the superior. This brings me to the point: Yes, choosing a language like Ada for secure trusted programs is to be preferred (although nothing can compensate for poor coding technique), there is a definite need for more support. What is the current state of Ada compiler technology looking like? Have things changed much? --Alec--
Current thread:
- EMERGENCY: new remote root exploit in UW imapd Anonymous (Jul 16)
- Re: EMERGENCY: new remote root exploit in UW imapd Craig Spannring (Jul 16)
- Re: EMERGENCY: new remote root exploit in UW imapd Perry E. Metzger (Jul 16)
- Writing safe code: Java? (was: Re: EMERGENCY: new remote root Art Werschulz (Jul 21)
- Re: EMERGENCY: new remote root exploit in UW imapd Alec Kosky (Jul 16)
- Re: EMERGENCY: new remote root exploit in UW imapd Kragen (Jul 17)
- Buffer overflows. was Re: EMERGENCY: new remote root exploit in Craig Spannring (Jul 17)
- Re: Buffer overflows. was Re: EMERGENCY: new remote root exploit Geoffrey KEATING (Jul 19)
- Re: EMERGENCY: new remote root exploit in UW imapd FanLi Tai (Jul 18)
- Re: EMERGENCY: new remote root exploit in UW imapd Brett Lymn (Jul 19)
- Re: EMERGENCY: new remote root exploit in UW imapd Perry E. Metzger (Jul 16)
- SECURITY: imap-4.1.final now available twiztah (Jul 16)
- Verity/Search'97 Security Problems Jay Soffian (Jul 16)
- New Java Security Flaw Found Gary McGraw (Jul 17)
- Re: New Java Security Flaw Found Greg Alexander (Jul 18)
- Re: New Java Security Flaw Found Sean Garagan (Jul 20)
- Re: New Java Security Flaw Found Greg Alexander (Jul 18)
(Thread continues...)
- Re: EMERGENCY: new remote root exploit in UW imapd Craig Spannring (Jul 16)