Secure Coding mailing list archives

Re: opinion, ACM Queue: Buffer Overrun Madness


From: Crispin Cowan <crispin () immunix com>
Date: Fri, 11 Jun 2004 14:38:15 +0100


David Crocker wrote:


Apart from the obvious solution of choosing another language, there are at least
two ways to avoid these problems in C++:

1. Ban arrays (to quote Marshall Cline's "C++ FAQ Lite", arrays are evil!). Use
...
2. If you really must have naked arrays, ban the use of indexing and arithmetic
on naked pointers to arrays (i.e. if p is a pointer, then p[x], p+x, p-x, ++p
 

If you want safer C and you want the compiler to enforce it, and you 
don't mind having to re-write your code some, then use one of the safer 
C dialects (CCured <http://manju.cs.berkeley.edu/ccured/> and Cyclone 
<http://www.research.att.com/projects/cyclone/>). These tools provide a 
nice mid-point in the amount of work you have to do to reach various 
levels of security in C/C++:


   * low security, low effort
         o do nothing
         o code carefully
         o apply defensive compilers, e.g. StackGuard
         o apply code auditors, e.g. RATS, Flawfinder
         o port code to safer C dialects like CCured and Cyclone
         o re-write code in type safe languages like Java and C#
         o apply further code security techniques, e.g. formal theorem
           provers WRT a formal spec
   * high security, high effort

Crispin

--
Crispin Cowan, Ph.D.  http://immunix.com/~crispin/
CTO, Immunix          http://immunix.com
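The mid-point options in the spectrum above (CCured, Cyclone) work by carrying bounds information alongside a pointer and checking it at every dereference, so an out-of-range `p[x]` is refused at runtime instead of silently overrunning. The following C is an added illustration of that idea, not code from this thread and not the representation either project actually uses; the `bounded_ptr` type and the `bp_*` and `bounded_copy` names are assumptions made for the example, and `naked_copy` is the unchecked loop it replaces.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Illustrative "bounded pointer" (an assumption of this example, not the
 * representation CCured or Cyclone actually use): the raw pointer is carried
 * together with the size of the object it came from and a current offset.
 * Pointer arithmetic adjusts the offset; every dereference is checked. */
typedef struct {
    char *base;   /* start of the underlying array */
    size_t len;   /* number of valid bytes starting at base */
    size_t pos;   /* current offset; may equal len (one past the end), never exceed it */
} bounded_ptr;

bounded_ptr bp_make(char *buf, size_t len) {
    bounded_ptr p = { buf, len, 0 };
    return p;
}

/* p += n. Returns false (and leaves p unchanged) if the result would land
 * beyond one-past-the-end, which is already outside what C permits. */
bool bp_advance(bounded_ptr *p, size_t n) {
    if (n > p->len - p->pos) return false;
    p->pos += n;
    return true;
}

/* p[idx] = c. Returns false instead of writing outside the array. */
bool bp_write(bounded_ptr *p, size_t idx, char c) {
    if (idx >= p->len - p->pos) return false;
    p->base[p->pos + idx] = c;
    return true;
}

/* c = p[idx]. Returns false instead of reading outside the array. */
bool bp_read(const bounded_ptr *p, size_t idx, char *out) {
    if (idx >= p->len - p->pos) return false;
    *out = p->base[p->pos + idx];
    return true;
}

/* The naked-pointer copy loop: nothing ties n to the destination's size,
 * so a caller that gets n wrong silently overruns dst. */
void naked_copy(char *dst, const char *src, size_t n) {
    for (size_t i = 0; i < n; i++) dst[i] = src[i];
}

/* The bounded version: the check runs before any byte is written, so an
 * oversized request is refused outright rather than partially applied. */
bool bounded_copy(bounded_ptr *dst, const char *src, size_t n) {
    if (n > dst->len - dst->pos) return false;
    for (size_t i = 0; i < n; i++) dst->base[dst->pos + i] = src[i];
    return true;
}

int main(void) {
    char buf[8] = {0};                       /* constructed 8-byte destination */
    bounded_ptr p = bp_make(buf, sizeof buf);
    printf("copy 5 into 8:           %s\n", bounded_copy(&p, "hello", 5) ? "ok" : "refused");
    printf("copy 12 into 8:          %s\n", bounded_copy(&p, "overrun-here", 12) ? "ok" : "refused");
    bp_advance(&p, 6);                       /* p += 6: two bytes remain */
    printf("copy 3 at offset 6:      %s\n", bounded_copy(&p, "xyz", 3) ? "ok" : "refused");
    printf("advance by 3 at offset 6: %s\n", bp_advance(&p, 3) ? "ok" : "refused");
    return 0;
}
```

The cost that makes this a mid-point rather than a free lunch is visible in the struct: every pointer triples in size and every dereference pays a comparison, and existing code has to be rewritten to go through the checked operations, which is the "re-write your code some" in the post above.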
