Bell Labs or Microsoft security?
Mathew Lodge
Mathew at CPlane.com
Wed Jan 29 19:07:59 UTC 2003
At 08:27 AM 1/29/2003 -0600, Alif The Terrible wrote:
> > > FORTRAN/COBOL array bounds checking. Bell Labs answer: C. Who wants
> > > the computer to check array lengths or pointers. Programmers know what
> > > they are doing, and don't need to be "constrained" by the programming
> > > language. Everyone knows programmers are better at arithmatic than
> > > computers. A programmer would never make an off-by-one error. The
> > > standard C run-time library. gets(char *buffer), strcpy(char *dest, char
> > > *src), what were they thinking?
> >
> > Possibly that bounds checking is an incredible cpu suck
It doesn't have to be, if your compiler is worth its salt. Take a look at
the GNU Ada compiler implementation of bound checking -- incredibly
efficient. There are optimizations and inductive reasoning you can perform
at compile time. Strongly typed programming languages make it easier to
perform those optimizations, which is a major problem for C (everything's a
pointer, right? :-) However, the current language fad is Java, which is
somewhat more strongly typed.
>, there are a great
> > many powerful things you can do in C based on the fact that there is no
> > bounds checking (pointers ARE your friend god damnit :P), and in a world
> > before buffer overflow exploits it probably didn't matter if Joe Idiot's
> > program crashed because he goofed? (hindsight is 20/20)
Not sure if this was ever true for networked applications. The original
Morris ARPANet worm exploited a buffer overrun vulnerability in the BSD
Unix finger daemon. There's no excuse for failing to change behavior, or
not re-visiting bounds checking in compilers & interpreters / virtual
machines (e.g. JVM).
Finally, and rather off-topic, I have yet to come across a C programming
technique that "can't be done" efficiently in, say, Ada -- a language that
usually gives C programmers fits of apoplexy. You just have to know how to
express the solution in that language, rather than forcing a literal
translation of the way it's done in C.
Cheers,
Mathew
More information about the NANOG
mailing list