Date:      Fri, 17 Jul 1998 16:40:33 -0700 (PDT)
From:      "Jonathan M. Bresler" <jmb>
To:        cts@internetcds.com (Craig Spannring)
Cc:        bugtraq@netspace.org, nobody@replay.com, freebsd-security@FreeBSD.ORG
Subject:   Re: Buffer overflows.  was Re: EMERGENCY: new remote root exploit in UW imapd
Message-ID:  <199807172340.QAA16849@hub.freebsd.org>
In-Reply-To: <199807172249.PAA11364@bangkok.office.cdsnet.net> from Craig Spannring at "Jul 17, 98 03:49:02 pm"

Craig Spannring wrote:



[snip]
> People that say eliminating buffer overflows won't have much benefit
> need to examine some data.  I took a look at some recent bugtraq
> messages.  Out of 19 security defects 7 of them were buffer overflows,

	buffer overflows are in vogue right now.
	everyone is looking for them everywhere.
	on one hand this is good.  lots of people will
	learn about them.  on the other hand, this distracts
	from other problems.
[snip]
> I've repeatedly heard that in the hands of a good programmer that C is
> safe and it is only morons who write code with buffer overflows.  A lot of
> people seem to think that Eric Allman is a pretty sharp programmer,

	yeah...but remember that sendmail has evolved over years
	to meet various needs.  when eric started writing sendmail
	and even years into it, who would have expected the
	environment sendmail faces today?  it's really not fair to
	eric to pull work from one decade into another.
[snip]
>    // Java
>    do {
>      buf[i] = getNextByteFromNextwork();
>    } while ('\n' != buf[i++]);
> 
>    /* C */
>    do {
>      buf[i] = getNextByteFromNextwork();
>    } while ('\n' != buf[i++]);

	this is time-wrapping again....k & r made the correct decision
	at the time.  today, is not then.  Java is cool...i hope it
	will be fast soon.

jmb
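
A bounded form of the quoted C loop, as an added example that is not part of either poster's message: the same read-until-newline logic with the capacity check the quoted version lacks. `struct source`, `next_byte` and `read_line` are hypothetical names, and the in-memory input stands in for the network.

```c
#include <stdio.h>
#include <stddef.h>

/* Hypothetical stand-in for the quoted getNextByteFromNextwork(): serves
 * bytes from an in-memory string and returns -1 once it is exhausted. */
struct source { const char *data; size_t len, pos; };

static int next_byte(struct source *s)
{
    return s->pos < s->len ? (unsigned char)s->data[s->pos++] : -1;
}

/* Read one '\n'-terminated line into buf[cap], never writing past cap.
 * Returns the line length without the newline, or -1 if the line did not
 * fit or the input ended first. An oversized line is drained to its newline
 * so the next call starts on a line boundary. */
static long read_line(struct source *s, char *buf, size_t cap)
{
    size_t i = 0;
    int c, too_long = 0;

    if (cap == 0)
        return -1;
    while ((c = next_byte(s)) != -1 && c != '\n') {
        if (i + 1 < cap)
            buf[i++] = (char)c;   /* room left for this byte and the NUL */
        else
            too_long = 1;         /* keep consuming, stop storing */
    }
    buf[i] = '\0';
    return (c == -1 || too_long) ? -1 : (long)i;
}

/* Constructed input: a 24-byte line aimed at an 8-byte buffer, then "ok". */
static int demo(void)
{
    static const char wire[] = "AAAAAAAAAAAAAAAAAAAAAAAA\nok\n";
    struct source s = { wire, sizeof wire - 1, 0 };
    char buf[8];
    long first = read_line(&s, buf, sizeof buf);
    long second = read_line(&s, buf, sizeof buf);
    return first == -1 && second == 2 && buf[0] == 'o' && buf[2] == '\0';
}

int main(void)
{
    printf("oversized rejected, next line intact: %d\n", demo());
    return 0;
}
```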
