Vulnerability Development mailing list archives
Re: C versus other languages, round 538 or so (Re: CGI scriptsin sh)
From: Jonathan James <Jonathan () SECURITO SE>
Date: Mon, 25 Sep 2000 09:25:50 +0200
> Erm. Yes, in theory. But they still make mistakes in C. Or do you think Linux, BSD, Windows, Solaris etc etc programmers are idiots? C is too dangerous and many faults are made at implementation level. C does require more security audits than other languages, IMHO.
One is not an idiot because one makes a mistake. Although one should not release software that is not thoroughly tested for unexpected input and buffer overflow errors. C does not require more security audits than other languages do if the people who use the language are educated enough and know about the side effects of certain functions and operations. You can't really compare C and Perl, Perl is a High Level Language while C would be categorized as a more Low Level Language.
> Also, I fail to see how most buffer overflows could be a design fault, perhaps you use the word in another sense than the one they've taught in the design courses I've taken.
Software Design in Swedish would be called "Mjukvaruteknisk Planering". The purpose of planning your software architecture is to prevent the birth of security holes that are caused by insufficient software planning.
> As to compared to "you don't know if there is any flaw in the compiler or libraries your c-program use"? The dependency problem is not really script specific.
A compiler does not change your software design while a "third party" executor might, and you would be a fool to use untrusted and not fully tested libraries.

Jonathan James
http://www.securito.se