[CrackMonkey] Another nail in the Pine coffin

Paul J Collins sneakums at eircom.net
Sat Sep 30 20:12:07 PDT 2000 

>>>>> "Aaron" == Aaron Lehmann <aaronl at vitelus.com> writes:

    Aaron> On Sun, Oct 01, 2000 at 03:07:23AM +0100, Paul J Collins wrote:
    >> >>>>> "Aaron" == Aaron Lehmann <aaronl at vitelus.com> writes:
    Aaron> It seems that you misunderstand the purpose of my
    Aaron> example. I do not attempt to prove that the functions
    Aaron> cannot or are not used unsafely within pine, but rather the
    Aaron> assumption that becuase something uses the functions that
    Aaron> it must be insecure.

I interpreted the forwarded document to mean that Pine used the
vulnerable functions so much that it would not be practical to prove
that Pine does not have securuty holes.  While you cannot definitively
``prove'' that for any program, Pine makes it more dofficult to make
even a vague assessment as to its portability.

    >> Your comment about the ``broken operating system'' puzzles me.  Are
    >> you referring to Unix?  If so, which one?  All of them?

    Aaron> This commeant was meant to say that if there was a security
    Aaron> hole the example it would probably be due to a bug in the
    Aaron> operating system. I never assume that such a bug exists in
    Aaron> any operating system, only that there are security holes
    Aaron> that can exist even when _your_ code is perfect.

Well, it would have been better to say that explicity, rather than
relying on dullards like to me to intuit your meaning.

    >> By the way, use of the integer constant 0 for '\0' is not a
    >> good idea.  Say what you mean.

    Aaron> I tend to use these two interchangably. If there was a
    Aaron> general consensus that one of them was used for character
    Aaron> constants and one was not, I would definately use them
    Aaron> distinctively. Since 0, NULL, and '\0' are all used
    Aaron> commonly to mean "null character", it seems to me that
    Aaron> there is no reason to presume anything from which variant
    Aaron> is used. Since I don't expect anyone to derive any meaning
    Aaron> from which variant of 0 I use, there is no reason to favor
    Aaron> any one in particular for a current situation at this time.

NULL is the null pointer.  0 is integer zero.  0.0 is floating point
zero.  '\0' is ASCII NUL.  Your code may work if they are
interchanged, but I maintain that is better to say what you mean.

    Aaron> Furthermore, I despise the backslash as a "magic" character
    Aaron> in a string or character constant that is not interpreted
    Aaron> literally. When possible, I like to make strings as literal
    Aaron> as possible.

Your feelings about the use of magic characters don't really have any
bearing on it.  There are correct usages in each case.

(As an aside, how would you straightforwardly represent NL, CR, BS or
NUL in a string or character constant without recourse to magic
characters?)

-- 
Paul Collins <sneakums at eircom.net> - - - - - [ A&P,a&f ]
 GPG: 0A49 49A9 2932 0EE5 89B2  9EE0 3B65 7154 8131 1BCD
``Attention all MP3s: resistance is futile.
  You will be vorbized.''

More information about the Crackmonkey mailing list