Secure Coding mailing list archives

BSIMM: Confessions of a Software Security Alchemist (informIT)


From: gem at cigital.com (Gary McGraw)
Date: Mon, 23 Mar 2009 10:22:35 -0400

hi guys,

I think there is a bit of confusion here WRT "root" problems.  In C, the main problem is not simply strings and string 
representation, but rather that the "sea of bits" can be recast to represent most anything.  The technical term for the 
problem is the problem of type safety.  C is not type safe.

Building secure software in a non type safe language is much harder than building secure software in a type safe 
language (like Java or C#).

gem
(still supposedly on vacation in SC)

http://www.cigital.com/~gem


On 3/22/09 2:30 PM, "Steven M. Christey" <coley at linus.mitre.org> wrote:



On Sat, 21 Mar 2009, ljknews wrote:

The root problem (and I do not care about the terminology)
is that the C programming language promotes the use of
uncounted strings.

I'd rephrase that because buffer overflows apply to many other data types
besides strings.  Anything using an array or pointer arithmetic is
potentially subject to overflows.  I have little doubt that when you
launch 200 simultaneous connections against a bunch of applications, some
of them will crash because the programmer only allocated enough memory to
store 100 connections at once.  A lot of the IOCTL overflows going on
right now are more about malformed data structures than strings, as are
many of the file format vulns.

- Steve
_______________________________________________
Secure Coding mailing list (SC-L) SC-L at securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
_______________________________________________
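
Added example, not part of the original messages: the non-string overflow case from Steve Christey's reply (memory for 100 connections, 200 arriving), written in C with the bounds checks that C itself does not supply. The names conn_table, conn_add, conn_release and simulate_burst and the descriptor values are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdio.h>
#define MAX_CONNS 100  /* memory was sized for 100 connections (figure from the post) */

struct conn { int fd; int in_use; };
struct conn_table { struct conn slots[MAX_CONNS]; size_t count; };

/* Unchecked form (comment only), writes past slots[] on connection 101:
 *     t->slots[t->count++].fd = fd;                                      */

/* Checked insert: returns the slot index, or -1 when the table is full. */
int conn_add(struct conn_table *t, int fd)
{
    if (t == NULL || fd < 0 || t->count >= MAX_CONNS)
        return -1;                  /* refuse rather than overflow */
    for (size_t i = 0; i < MAX_CONNS; i++) {
        if (!t->slots[i].in_use) {
            t->slots[i].fd = fd;
            t->slots[i].in_use = 1;
            t->count++;
            return (int)i;
        }
    }
    return -1;
}

/* Release a slot; the index is range-checked before it is used. */
int conn_release(struct conn_table *t, int idx)
{
    if (t == NULL || idx < 0 || idx >= MAX_CONNS || !t->slots[idx].in_use)
        return -1;
    t->slots[idx].in_use = 0;
    t->count--;
    return 0;
}

/* Constructed scenario: offer `attempts` connections, return how many fit. */
size_t simulate_burst(struct conn_table *t, size_t attempts)
{
    size_t accepted = 0;
    for (size_t i = 0; i < attempts; i++)
        if (conn_add(t, (int)i + 3) >= 0)   /* constructed fd values */
            accepted++;
    return accepted;
}

int main(void)
{
    static struct conn_table t;     /* static storage: zero-initialised */
    printf("accepted %zu of 200\n", simulate_burst(&t, 200));
    return 0;
}
```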



