Secure Coding mailing list archives

Re: opinion, ACM Queue: Buffer Overrun Madness

From: ljknews <ljknews () mac com>
Date: Tue, 08 Jun 2004 21:44:09 +0100

At 1:10 PM -0400 6/8/04, Jose Nazario wrote:

thought some of you may find this editorial from the May 04 ACM Queue
worth a read. ACM Queue is an interesting magazine and has a website at
acmqueue.org.

Buffer Overrun Madness

ACM Queue vol. 2, no. 3 - May 2004
by Rodney Bates, Wichita State University

Why do good programmers follow bad practices?

In January 2003, the Slammer worm was reported to be the fastest spreading
ever. Slammer gets access by exploiting a buffer overrun. If you peruse
CERT (Computer Emergency Readiness Team) advisories or security upgrade
releases, you will see that the majority of computer security holes are
buffer overruns. These would be minor irritations but for the world's
addiction to the weakly typed programming languages C and its derivative
C++.


And yet this mailing list, supposedly devoted to secure coding,
seem polarized around the notion of shoring up those languages.

Current thread:

opinion, ACM Queue: Buffer Overrun Madness Jose Nazario (Jun 08)
- Re: opinion, ACM Queue: Buffer Overrun Madness ljknews (Jun 08)
  - Re: opinion, ACM Queue: Buffer Overrun Madness der Mouse (Jun 09)
    - Re: opinion, ACM Queue: Buffer Overrun Madness Kenneth R. van Wyk (Jun 09)
    - RE: opinion, ACM Queue: Buffer Overrun Madness Alun Jones (Jun 09)
    - RE: opinion, ACM Queue: Buffer Overrun Madness ljknews (Jun 09)
    - Re: opinion, ACM Queue: Buffer Overrun Madness Blue Boar (Jun 10)
    - Re: opinion, ACM Queue: Buffer Overrun Madness der Mouse (Jun 09)
    - Re: opinion, ACM Queue: Buffer Overrun Madness ljknews (Jun 09)
    - Re: opinion, ACM Queue: Buffer Overrun Madness David Eisner (Jun 09)
- <Possible follow-ups>
- RE: opinion, ACM Queue: Buffer Overrun Madness Peter Amey (Jun 09)
- Re: opinion, ACM Queue: Buffer Overrun Madness Gary McGraw (Jun 09)

(Thread continues...)