Date: Fri, 17 Jul 1998 18:45:19 +0200
From: Pierre Beyssac <Pierre.Beyssac@hsc.fr>
To: Craig Spannring <cts@internetcds.com>, Anonymous <nobody@replay.com>
Cc: bugtraq@netspace.org, cert@cert.org, freebsd-security@FreeBSD.ORG, security@bsdi.com
Subject: Re: EMERGENCY: new remote root exploit in UW imapd
Message-ID: <19980717184518.A11872@mars.hsc.fr>
In-Reply-To: <199807170035.RAA05041@bangkok.office.cdsnet.net>; from Craig Spannring on Thu, Jul 16, 1998 at 05:35:04PM -0700
References: <199807162206.AAA30072@basement.replay.com> <199807170035.RAA05041@bangkok.office.cdsnet.net>

On Thu, Jul 16, 1998 at 05:35:04PM -0700, Craig Spannring wrote:
> C should not be used for trusted programs. The lack of true arrays

Each language has its own weaknesses. Buffer overflows are not the
biggest security problem, far from it. Just for an example, consider
the number of attacks possible because of badly-written Perl CGI
scripts.

Blaming programmer incompetence on the language is naive at best.
Some languages are certainly safer than others, but no language is
safe against programmer errors.

> Sometime in the not too distant future there will be a major
> catastrophe related to insecure Internet software. Perhaps a major
> bank will go broke, perhaps the stock market will be manipulated, I'm
> not sure about the specifics but it will happen. There will be a

I highly doubt it. Any bug in a program is a potential danger and
any program has bugs; this has been a fact of life for years, long
before the Internet became mainstream. So much so that people are
used to it, thanks to a few major software companies.

Avoiding bugs is a software engineering problem. The choice of a
language is only a small part of the equation. Furthermore, limiting
computer security to a choice of language is really not serious.

--
Pierre.Beyssac@hsc.fr