Bugtraq mailing list archives
Re: at the risk of another flamefest..
From: stagda () ncs com (David Stagner)
Date: Mon, 15 Jul 1996 17:07:34 -0500
Peter Jeremy writes:
It might be worth noting that Richard W.M. Jones <rwmj () doc ic ac uk> has written some patches to gcc which add fine-grained bounds checking to C.

Sources are in:
ftp://dse.doc.ic.ac.uk/pub/misc/bcc

Additional information at:
http://www-dse.doc.ic.ac.uk/~rj3/bounds-checking.html
http://www-ala.doc.ic.ac.uk/~phjk/BoundsChecking.html

Unfortunately, the resultant code is substantially slower and is therefore really only suitable for testing - this seems primarily due to the requirement for bounds-checked code to fully interwork with non bounds-checked code.
Of course, languages such as Modula-2 have successfully and efficiently implemented bounds checking for years. Too bad none of them have caught on to the extent of C.
What we need is a powerful, portable, widely used language that automagically handles bounds checking for us. Sounds like perl to me. :}

I disagree. Whilst perl at the script level hides array-bounds problems from the user, it is not a panacea. Firstly, the interpreter itself is written in C - thus it is possible that the interpreter itself may suffer from an array-bounds problem. Secondly, it is _very_ large (several times the size of sendmail) thus violating the KISS principle - which is particularly important for security tools.
I'd agree it is possible that C-based bounds checking problems may exist in the perl interpreter (has anyone checked this?), but I don't think the second criticism is really fair. After all, the perl "interpreter" has most of the facilities of a full compiler. If you wish to level this critique at perl, you must also be prepared to level it at cc (which is also several times larger than sendmail, and probably doing much weirder things than perl).

-dave