[CrackMonkey] Another nail in the Pine coffin
Paul J Collins
sneakums at eircom.net
Sat Sep 30 20:16:49 PDT 2000
>>>>> "Bad" == Bad <mr.bad at pigdog.org> writes:
>>>>> "PJC" == Paul J Collins <sneakums at eircom.net> writes:
PJC> Your contrived example does not prove that every use of those
PJC> functions in Pine is safe and not prone to buffer overflows.
Bad> Well, did anyone say they were? He just said that careful use
Bad> of the functions can avoid B.O.
His example wasn't even ``careful use''. It was contrived junk that
no-one who thought in a straight line, or even in two or three
dimensions, would ever write.
Bad> I find the idea that programs that use strcpy, strcat and
Bad> sprintf are fundamentally insecure to be ABSURD.
I didn't agree with that viewpoint. However, functions that are easy
to misuse, and often are, make it more difficult to determine
whether a program is easily compromised or not.
PJC> By the way, use of the integer constant 0 for '\0' is not a
PJC> good idea. Say what you mean.
Bad> Yeah, but it's also extremely widespread C usage. Sure, it's
Bad> a pain for people doing new multi-byte character set ports,
Bad> but fuck them. 7-bit character types were good enough for my
Bad> father, and they're good enough for me!
char can be an 8-bit type. It depends on your implementation.
--
Paul Collins <sneakums at eircom.net> - - - - - [ A&P,a&f ]
GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD
``Attention all MP3s: resistance is futile.
You will be vorbized.''
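As an added example, not code from the thread or from Pine, here is what the "careful use" of strcpy, strcat and sprintf that the thread argues about looks like when the length check is made explicit: every call is preceded by a proof that the result, including its terminating '\0', fits the destination, and the buffer size travels with the pointer. The function names are my own, and snprintf stands in for sprintf because it reports the length it wanted to write.

```c
#include <stdio.h>
#include <string.h>

/* Bounded copy: strcpy is called only after checking that strlen(src)
 * plus the terminating '\0' fits in dst. Returns 0 on success, -1 if
 * the source would overflow dst, in which case dst is left untouched. */
int careful_strcpy(char *dst, size_t dstsize, const char *src)
{
    size_t n = strlen(src);
    if (dstsize == 0 || n >= dstsize)
        return -1;              /* would need n + 1 bytes */
    strcpy(dst, src);           /* safe: n + 1 <= dstsize */
    return 0;
}

/* Bounded append: the same discipline applied to strcat, accounting
 * for the bytes already in dst. */
int careful_strcat(char *dst, size_t dstsize, const char *src)
{
    size_t have = strlen(dst);
    size_t n = strlen(src);
    if (have >= dstsize || n >= dstsize - have)
        return -1;
    strcat(dst, src);           /* safe: have + n + 1 <= dstsize */
    return 0;
}

/* Formatting: snprintf returns the length it wanted to write, so a
 * value >= dstsize means the output was truncated. Treat that as an
 * error instead of using the partial string. Returns -1 on failure,
 * else the number of characters written. */
int careful_format(char *dst, size_t dstsize, const char *user, int id)
{
    int w = snprintf(dst, dstsize, "user=%s id=%d", user, id);
    if (w < 0 || (size_t)w >= dstsize)
        return -1;
    return w;
}

int main(void)
{
    char buf[16];                                       /* constructed sample */
    printf("%d\n", careful_strcpy(buf, sizeof buf, "hello"));       /* 0  */
    printf("%d\n", careful_strcat(buf, sizeof buf, " world"));      /* 0  */
    printf("%d\n", careful_strcat(buf, sizeof buf, " overflow!"));  /* -1 */
    printf("%d\n", careful_format(buf, sizeof buf, "bob", 7));      /* 13 */
    return 0;
}
```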