[TUHS] buffer overflow (Re: Happy birthday Morris worm
John P. Linderman
jpl.jpl at gmail.com
Wed Nov 13 11:43:30 AEST 2019
Lorinda Cherry told me that that RTM (senior) used to test people's
programs by feeding them to themselves as input, a.out < a.out. It helped
cure people of the assumption that a program would only see "reasonable"
On Tue, Nov 12, 2019 at 5:40 PM Norman Wilson <norman at oclsc.org> wrote:
> Bakul Shah:
> Unfortunately strcpy & other buffer overflow friendly
> functions are still present in the C standard (I am looking at
> n2434.pdf, draft of Sept 25, 2019). Is C really not fixable?
> If you mean `can C be made proof against careless programmers,'
> no. You could try but the result wouldn't be C. And Flon's
> Dictum applies anyway, as always.
> It's perfectly possible to program in C without overflowing
> fixed buffers, just as it's perfectly possible to program in
> C without dereferencing a NULL or garbage pointer. I don't
> claim to be perfect, but before the rtm worm rubbed my nose
> in such problems, I was often sloppy about them, and afterward
> I was very much aware of them and paid attention.
> That's all I ask: we need to pay attention. It's not about
> tools, it's about brains and craftmanship and caring more
> about quality than about feature count or shiny surfaces
> or pushing the product out the door.
> Which is a good bit of what was attractive about UNIX in
> the first place--that both its ideas and its implementation
> were straightforward and comprehensible and made with some
> care. (Never mind that it wasn't perfect either.)
> Too bad software in general and UNIX descendants in particular
> seem to have left all that behind.
> Norman Wilson
> Toronto ON
> PS: if you find this depressing, cheer yourself up by watching
> the LCM video showing off UNICS on the PDP-7. I just did, and
> it did.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the TUHS