[TUHS] buffer overflow (Re: Happy birthday Morris worm

Norman Wilson norman at oclsc.org
Wed Nov 13 08:39:15 AEST 2019

Bakul Shah:

  Unfortunately strcpy & other buffer overflow friendly
  functions are still present in the C standard (I am looking at
  n2434.pdf, draft of Sept 25, 2019). Is C really not fixable?


If you mean `can C be made proof against careless programmers,'
no.  You could try but the result wouldn't be C.  And Flon's
Dictum applies anyway, as always.

It's perfectly possible to program in C without overflowing
fixed buffers, just as it's perfectly possible to program in
C without dereferencing a NULL or garbage pointer.  I don't
claim to be perfect, but before the rtm worm rubbed my nose
in such problems, I was often sloppy about them, and afterward
I was very much aware of them and paid attention.

That's all I ask: we need to pay attention.  It's not about
tools, it's about brains and craftmanship and caring more
about quality than about feature count or shiny surfaces
or pushing the product out the door.

Which is a good bit of what was attractive about UNIX in
the first place--that both its ideas and its implementation
were straightforward and comprehensible and made with some
care.  (Never mind that it wasn't perfect either.)

Too bad software in general and UNIX descendants in particular
seem to have left all that behind.

Norman Wilson
Toronto ON

PS: if you find this depressing, cheer yourself up by watching
the LCM video showing off UNICS on the PDP-7.  I just did, and
it did.

More information about the TUHS mailing list