Re: Bug/Gross InEfficiency in HeathField's fgetline program
[ I already wrote a long reply to this, but the newsreader crashed on send
(no, I did *not* write the newsreader, and no, I *will* not write a
newsreader). I don't have time to reconstruct the whole reply. This is a
rather polite summary of my previous, very short-tempered reply. ]
Tor Rustad said:
<snip>
> Amazing, I was *not* hiring someone to protect *apples*, *crown* or
> looking for a clueless in security, unable to identify *common* errors.
(a) you were *not* hiring *anyone*. You were taking part in a Usenet
discussion.
(b) if you think I'm clueless, why bother to continue this discussion?
(c) what if I think /you/ are clueless, unable to recognise *common* sense?
> For an introduction to basic security principles, see e.g. [1]:
>
> "Principle 32. Identify and prevent common errors and vulnerabilities
>
> Discussion: Many errors reoccur with disturbing regularity - errors such
> as buffer overflows, race conditions, format string errors, failing to
> check input for validity, and programs being given excessive privileges.
> Learning from the past will improve future results."
In my experience, the following bug is far more common than strncpy:
    char *t;
    strcpy(t, s);
The bug here is in failing to allocate *any storage at all* for t. I have
seen this happen in production code far more than I have seen strncpy
misused (or indeed used at all). In fact, I have seen what we might call
"the char * bug" (if only there weren't so many other bugs that could
easily have the same name) so often that it definitely counts as
disturbing regularity.
If you ban strncpy, logically you have to ban char * too, because it's a
far greater risk. To do otherwise is to be guilty of rearranging the
deckchairs on the Titanic.
<snip>
> The *relevant point*, is that this C function has been misused a lot,
> and a buffer overflow can result in a total compromise of a computer
> system. The probability of misuse, isn't low either.
So ban pointers. They cause far more trouble than strncpy.
FCOL, Tor. Wake up and smell the real risk - clueless programmers, hired by
witless buffoons because they have good hair and a good CV.
--
Richard Heathfield <http://www.cpax.org.uk>
Email: -http://www. +rjh@
Google users: <http://www.cpax.org.uk/prg/writings/googly.php>
"Usenet is a strange place" - dmr 29 July 1999
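
The unallocated-destination bug described in the post above, with the destination storage supplied two ways. This is an added example, not part of the original post or its author's code; `dup_string` and `copy_bounded` are hypothetical helper names.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: the destination is allocated to fit the source
 * before anything is copied. Returns NULL on bad input or allocation
 * failure; the caller frees the result. */
char *dup_string(const char *s)
{
    size_t n;
    char *t;

    if (s == NULL)
        return NULL;
    n = strlen(s) + 1;          /* room for the terminating '\0' */
    t = malloc(n);
    if (t != NULL)
        memcpy(t, s, n);
    return t;
}

/* Hypothetical helper: the destination is a caller-owned buffer of known
 * size. Returns 0 on success, -1 if src would not fit. On failure dst is
 * left as an empty string, so it is never unterminated or half-copied. */
int copy_bounded(char *dst, size_t dstsize, const char *src)
{
    size_t n;

    if (dst == NULL || dstsize == 0)
        return -1;
    dst[0] = '\0';
    if (src == NULL)
        return -1;
    n = strlen(src);
    if (n >= dstsize)           /* no space for src plus '\0' */
        return -1;
    memcpy(dst, src, n + 1);
    return 0;
}

int main(void)
{
    char buf[8];
    char *t = dup_string("constructed sample input");

    printf("dup: %s\n", t != NULL ? t : "(allocation failed)");
    printf("fits: %d\n", copy_bounded(buf, sizeof buf, "short"));
    printf("too long: %d\n", copy_bounded(buf, sizeof buf, "much too long"));
    free(t);
    return 0;
}
```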