Vulnerability Development mailing list archives

Re: C versus other languages, round 538 or so (Re: CGI scripts in sh)


From: "Bluefish (P.Magnusson)" <11a () GMX NET>
Date: Mon, 25 Sep 2000 09:34:13 +0200

> A well experienced C/C++ programmer knows how to avoid the black holes that
> exist in regards to buffer overflows/unexpected input.
> All you have to do is to structure and think through your software design
> thoroughly before you turn your idea into code.

Erm. Yes, in theory. But they still make mistakes in C. Or do you think
Linux, BSD, Windows, Solaris etc etc programmers are idiots? C is too
dangerous and many faults are made at implementation level. C does require
more security audits than other languages, IMHO.

Also, I fail to see how most buffer overflows could be a design fault,
perhaps you use the word in another sense than the one they've taught in
the design courses I've taken.

> As for C v. Perl I would choose C.
> Why? Because Perl is an interpreted language, we don't know if there exists
> any flaw in the perl interpreter.

As compared to "you don't know if there is any flaw in the compiler or
libraries your C program uses"? The dependency problem is not really
script specific.

..:::::::::::::::::::::::::::::::::::::::::::::::::..
     http://www.11a.nu || http://bluefish.11a.nu
    eleventh alliance development & security team

             http://www.eff.org/cafe

