Bugtraq mailing list archives
Re: at the risk of another flamefest..
From: ebradley () andromeda rutgers edu (Eugene Bradley)
Date: Mon, 15 Jul 1996 17:15:57 -0400
Personally, I would say that the security bugs that seem to be popping up lately are a combination of Language of Choice and Bad Programming. Eric Clapton had a hit song in the '80s whose lyrics went, "It's in the way that you use it."

One thing I've already learned about C++ and perl programming (lessons of which I've started on my own a couple of weeks ago) is that you have to know when to and when NOT to use bounds checking, as well as how much overflow buffer checking to perform. If some perl source code that I've seen only checked for buffers with this simple code:

    #!/usr/bin/perl
    # (Naturally, convert the sample perl code to C{++})
    $bufferchar = 255;    # longest input line accepted
    while (<>) {
        # compare the length of the line just read against the limit
        if (length($_) >= $bufferchar) {
            die "Buffer overflow -- program terminated. $!\n";
        }
        else [...]
    }

then you wouldn't see half the overflowed buffer --> root shell holes that I'm constantly reading about.

Naturally, if it's technically feasible, you must use the language you *know* better than the language you want to show off your programming skills with. This way you don't accidentally introduce any overflowed buffer --> root shell holes in your code.

Thanks and forgive my ranting...

--
Eugene Bradley | finger me for my PGP public key
webmaster of misery.winter.org
PGP Fingerprint = 55 70 DE 84 FE E1 3D 50 7F C2 88 22 30 8C 81 9E
<a href="http://www.armory.com/~ebradley"> Eugene's W^3 Duckpond </a>
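The length check from the message above, carried over to C as its code comment suggests. This is an added example, not code from the original post: the names read_bounded_line and count_rejected are hypothetical, and the 255-byte buffer takes its size from $bufferchar.

```c
#include <stdio.h>
#include <string.h>
#define BUFFERCHAR 255  /* limit from the Perl sketch; buffer holds 254 chars + NUL */
enum line_status { LINE_OK, LINE_EOF, LINE_TOO_LONG };

/* Read one line into buf[cap] without ever writing past it.
 * LINE_OK: line fit, newline stripped. LINE_TOO_LONG: line rejected and
 * its remainder drained, so the next call starts on a fresh line. */
enum line_status read_bounded_line(FILE *in, char *buf, size_t cap)
{
    if (fgets(buf, (int)cap, in) == NULL) return LINE_EOF;
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';
        return LINE_OK;
    }
    int c = fgetc(in);              /* no newline stored: look at what follows */
    /* the line filled the buffer exactly, or it is an unterminated last line */
    if (c == EOF || c == '\n') return LINE_OK;
    while (c != EOF && c != '\n')   /* over-long: discard the rest of the line */
        c = fgetc(in);
    buf[0] = '\0';
    return LINE_TOO_LONG;
}

/* Constructed helper: run `text` through the reader via a temp file; returns rejected count. */
int count_rejected(const char *text, int *accepted)
{
    char buf[BUFFERCHAR];
    int rejected = 0;
    enum line_status st;
    FILE *f = tmpfile();
    if (f == NULL) return -1;
    fputs(text, f);
    rewind(f);
    *accepted = 0;
    while ((st = read_bounded_line(f, buf, sizeof buf)) != LINE_EOF)
        if (st == LINE_TOO_LONG) rejected++; else (*accepted)++;
    fclose(f);
    return rejected;
}

int main(void)
{
    char buf[BUFFERCHAR];
    enum line_status st;
    while ((st = read_bounded_line(stdin, buf, sizeof buf)) != LINE_EOF)
        puts(st == LINE_OK ? buf : "line rejected: too long");
    return 0;
}
```

Unlike the Perl sketch, the C reader rejects the over-long line and keeps going rather than terminating; which of the two is right depends on the program.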