Bugtraq mailing list archives
Re: at the risk of another flamefest..
From: ebradley () andromeda rutgers edu (Eugene Bradley)
Date: Mon, 15 Jul 1996 19:09:52 -0400
-----BEGIN PGP SIGNED MESSAGE-----

On Jul 16, Peter Jeremy <jeremyp () gsms01 alcatel com au> writes:

# It might be worth noting that Richard W.M. Jones <rwmj () doc ic ac uk>
# has written some patches to gcc which add fine-grained bounds checking
# to C. Sources are in: ftp://dse.doc.ic.ac.uk/pub/misc/bcc
# Additional information at:
# http://www-dse.doc.ic.ac.uk/~rj3/bounds-checking.html
# http://www-ala.doc.ic.ac.uk/~phjk/BoundsChecking.html
#
# Unfortunately, the resultant code is substantially slower and is therefore
# really only suitable for testing - this seems primarily due to the
# requirement for bounds-checked code to fully interwork with non bounds-
# checked code.

[deletia]

# I disagree. Whilst perl at the script level hides array-bounds problems
# from the user, it is not a panacea. Firstly, the interpreter itself is
# written in C - thus it is possible that the interpreter itself may suffer
# from an array-bounds problem. Secondly, it is _very_ large (several times
# the size of sendmail) thus violating the KISS principle - which is
# particularly important for security tools.

If this is the case, couldn't Larry Wall et al. recompile perl 5 using the above gcc patches? Granted the newly-patched perl interpreter would be a bit slower to compile code, but personally I'd rather take the slowness than to have tons of array bounds problems in my code.

If anything, if and when I release such code, I'd personally recommend that code be tested on single-user workstations before being used on multi-user networks. This would avoid any load problems such code could potentially present on such multi-user systems.

--
Eugene Bradley | finger me for my PGP public key
webmaster of misery.winter.org
PGP Fingerprint = 55 70 DE 84 FE E1 3D 50 7F C2 88 22 30 8C 81 9E
<a href="http://www.armory.com/~ebradley"> Eugene's W^3 Duckpond </a>