Bugtraq mailing list archives
Re: EMERGENCY: new remote root exploit in UW imapd (fwd)
From: multics () WIZVAX WIZVAX NET (Richard Shetron)
Date: Tue, 21 Jul 1998 16:43:03 -0400
Forwarded message:
On Jul 16, 11:04pm, Perry E. Metzger (possibly) wrote:
[snip]
http://www-dse.doc.ic.ac.uk/~rj3/bounds-checking.html This is for 2.7.2. Be forewarned that it results in _very_ slow programs - an example was cited on the FreeBSD-security mailing list as follows (Don.Lewis () tsc tdk com):
[snip] Languages that start without bounds checking, particulalry C/C++ where people often use pointers to access elements in an array, may have lots of overhead from the bounds checking code trying to figure out what it needs to do. ie *(array + 5) may result in much more code for bounds checking in C then array[5] in a language that supports array bounds checking. The ability of the compiler to optimize array[5] can make a difference. I've worked with languages, such as Fortran and PL/1, that do bounds checking and have tried performance checking by running data with bounds checking turned on and off. The differences in these languages in the programs I used was often less then 10%. -- Richard Shetron multics () wizvax net multics () acm rpi edu What is the Meaning of Life? There is no meaning, It's just a consequence of complex carbon based chemistry; don't worry about it The Super 76, "Free Aspirin and Tender Sympathy", Las Vegas Strip.
Current thread:
- Re: EMERGENCY: new remote root exploit in UW imapd (fwd) Richard Shetron (Jul 21)