[CrackMonkey] Another nail in the Pine coffin

[Aaron Lehmann]

On Sun, Oct 01, 2000 at 03:07:23AM +0100, Paul J Collins wrote:
> >>>>> "Aaron" == Aaron Lehmann <aaronl at vitelus.com> writes:
> Your contrived example does not prove that every use of those
> functions in Pine is safe and not prone to buffer overflows.  It is
> only safe because you /know/ that the input to strcpy is
> NUL-terminated.  Are you prepared to check every usage of these risky
> functions in Pine?  Is any other Pine user?  Are the authors of Pine?

It seems that you misunderstand the purpose of my example. I do not
attempt to prove that the functions cannot or are not used unsafely
within pine, but rather the assumption that becuase something uses the
functions that it must be insecure.

> Your comment about the ``broken operating system'' puzzles me.  Are
> you referring to Unix?  If so, which one?  All of them?

This commeant was meant to say that if there was a security hole the
example it would probably be due to a bug in the operating system. I
never assume that such a bug exists in any operating system, only that
there are security holes that can exist even when _your_ code is
perfect.

> By the way, use of the integer constant 0 for '\0' is not a good idea.
> Say what you mean.

I tend to use these two interchangably. If there was a general
consensus that one of them was used for character constants and one
was not, I would definately use them distinctively. Since 0, NULL, and
'\0' are all used commonly to mean "null character", it seems to me
that there is no reason to presume anything from which variant is
used. Since I don't expect anyone to derive any meaning from which
variant of 0 I use, there is no reason to favor any one in particular
for a current situation at this time.

Furthermore, I despise the backslash as a "magic" character in a
string or character constant that is not interpreted literally. When
possible, I like to make strings as literal as possible.