Bugtraq mailing list archives

Re: EMERGENCY: new remote root exploit in UW imapd (fwd)


From: multics () WIZVAX WIZVAX NET (Richard Shetron)
Date: Tue, 21 Jul 1998 16:43:03 -0400


Forwarded message:

On Jul 16, 11:04pm, Perry E. Metzger (possibly) wrote:
[snip]

http://www-dse.doc.ic.ac.uk/~rj3/bounds-checking.html

This is for 2.7.2. Be forewarned that it results in _very_ slow
programs - an example was cited on the FreeBSD-security mailing list
as follows (Don.Lewis () tsc tdk com):
[snip]

Languages that start without bounds checking, particularly C/C++ where
people often use pointers to access elements in an array, may have lots
of overhead from the bounds checking code trying to figure out what it
needs to do.

i.e.  *(array + 5) may result in much more code for bounds checking in
C than array[5] in a language that supports array bounds checking.
The ability of the compiler to optimize array[5] can make a difference.

I've worked with languages, such as Fortran and PL/1, that do bounds
checking and have tried performance checking by running data with bounds
checking turned on and off.  The differences in these languages in the
programs I used were often less than 10%.


--
Richard Shetron  multics () wizvax net multics () acm rpi edu
                 What is the Meaning of Life?
There is no meaning,
It's just a consequence of complex carbon based chemistry; don't worry about it
The Super 76, "Free Aspirin and Tender Sympathy", Las Vegas Strip.
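
The contrast drawn in the message above between array[5] and *(array + 5), as an added example that is not code from the original post or from the bounds-checking work it links to: a checked index needs one compare against a known length, while a checked pointer dereference must first look up which object the address belongs to. The object table, `register_obj`, `checked_index`, `checked_deref` and the sample `pool` are hypothetical names constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical object table: one entry per array the checker knows about. */
static struct obj { uintptr_t base, end; } table[8];
static size_t nobjs;
static unsigned long lookups;   /* table entries scanned: rough cost proxy */
static int pool[24];            /* constructed data: A=[0..7], gap, B=[16..23] */

static void register_obj(const int *base, size_t n) {
    table[nobjs++] = (struct obj){ (uintptr_t)base, (uintptr_t)(base + n) };
}

static void setup(void) {
    nobjs = 0; lookups = 0;
    for (int i = 0; i < 24; i++) pool[i] = i;
    register_obj(pool, 8);        /* array A */
    register_obj(pool + 16, 8);   /* array B; pool[8..15] stays unregistered */
}

/* array[i]: length is known at the access site, so one compare suffices. */
static int checked_index(const int *arr, size_t len, size_t i, int *out) {
    if (i >= len) return -1;
    *out = arr[i];
    return 0;
}

/* *(p): only an address is known, so the checker must first find the object
   the pointer falls in, then confirm a whole int fits before its end. */
static int checked_deref(const int *p, int *out) {
    uintptr_t a = (uintptr_t)p;
    for (size_t k = 0; k < nobjs; k++) {
        lookups++;
        if (a < table[k].base || a >= table[k].end) continue;
        if (table[k].end - a < sizeof(int)) return -1;
        *out = *p;
        return 0;
    }
    return -1;                    /* address is in no registered object */
}

int main(void) {
    int v = 0;
    setup();
    int ok = checked_deref(pool + 5, &v), bad = checked_deref(pool + 8, &v);
    printf("index overrun: %d, deref ok: %d, deref overrun: %d, scanned: %lu\n",
           checked_index(pool, 8, 8, &v), ok, bad, lookups);
    return 0;
}
```

The `lookups` counter grows with the number of registered objects for every pointer access, while the indexed check costs the same single compare regardless.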


