Re: Coding securely, was Linux (in)security

[Brett Hutley <brett () hutley net>]

Chris Eagle wrote:

> > -----Original Message-----
> > From: full-disclosure-admin () lists netsys com
> > [mailto:full-disclosure-admin () lists netsys com]On Behalf Of Paul Schmehl
> > ...
> >
> > But it shouldn't be the job of the writer of a subroutine to verify the
> > inputs.  The writer of a subroutine defines what the appropriate inputs to
> > that routine are, and it's up to the *user* of that subroutine to use it
> > properly.  The entire concept behind OOP is that you cannot know what's in
> > the "black box" you're using.  That makes it incumbent on you as the
>
> *user*
>
> > of a subroutine to use the correct inputs and to *verify* those inputs
>
> when
>
> > necessary.
>
>
> That is the most backward thing I have ever heard.  So you are saying all I
> need to do as a programmer is tell you not to pass a negative number/null
> pointer/un-initialized value... to my function and I am off the hook.  All I
> can say is that I am glad utdallas doesn't have you teaching programming.
> The fact that you are unaware what lies inside the black box in no way
> relieves the responsibility of the designer of the black box to make sure
> that it behaves predictably under all input cases.

So you're saying I don't need to worry if a file pointer is NULL before 
passing it through to fprintf()? So I don't need to worry if an argument 
to strcpy() is NULL? Or are you trying to say that the standard library 
is badly written?

--
Brett Hutley [MAppFin,CISSP,SANS GCIH]
mailto:brett () hutley net
http://hutley.net/brett


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html