Mirsad Todorovac wrote:
Adriaan van Os wrote:
Mirsad Todorovac wrote:
I see. I realize adding security measures drastically impacts performance (such as making all pointers "volatile" variables which cannot go to registers), but having an important system brought down to its knees by an undetected buffer overrun in an application will hurt me more, both as a system administrator and as a software developer, than the 20% decrease in program speed. IMHO.
Back to reality. You are not obliged to build buffer overruns into your software, are you?
Reality is that I have done so, looking back at the times 10 years ago when I was writing CGI programs. Effectively, I have opened access to a shell to an intruder. The fact that it did not happen is pure luck.
(But so did Mr. Brian Kernighan, right? With introducing gets(), which cannot be protected from overruns, he was laying the system's security on a wrong assumption. And I deeply respect him and do not think he was stupid or incompetent. Simply the users were different at that time, and they were behaving.)
I was laying my code on wrong assumptions on safety, extensively using strcpy(), memcpy() and similar functions that leak the water. I assume that novice programmers would do the same (of course, today CGI is mostly replaced by PHP, and Perl "preempted" C for the purpose, but then again leaving the possibility to write CGI programs that leak is a bad security policy. Disabling them completely is something I do not prefer, since we are a University and that would cripple students' opportunity to learn. Even learn from errors). Then, having installed a CGI program that has a security hole without knowing it, I could rely only on the obscurity of the code to keep the attackers away.
Looking at Microsoft's policy of obscurity, which simply does not work, and seeing that we are brought down to our knees with every new kind of virus, I came to think something ought to be done at the system level. Essentially, using Perl or Java would eliminate 95% of buffer overruns implicitly.
From all this talk I will summarize with the fact that programs nowadays are written by a larger community than 30 or 40 years ago, when languages like Pascal were designed. And even experienced programmers are pushed by deadlines to implement more and more features on the fly, without proper planning and testing.
So, Mr. van Os, I would like Pascal to prevent me from shooting myself in the leg with some very stupid mistakes.
The result will be that you get careless with your gun, because of its built-in safety precautions. And then one day you will accidentally shoot yourself through the head (which is worse), because someone forgot to implement a tiny detail in the gun's safety module ....
Regards,
Adriaan van Os
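As an added illustration of the strcpy()/CGI pattern discussed in this thread (this is not code from either correspondent), the following C shows a copy that reports when the input does not fit in the fixed buffer instead of silently overrunning it; the buffer size, the copy_checked() and handle_query() names, and the sample query strings are all constructed for the example.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Result of a checked copy: the caller must inspect this instead of
 * assuming the destination was large enough. */
enum copy_status { COPY_OK = 0, COPY_TRUNCATED = 1 };

/* Bounded replacement for the unchecked strcpy() pattern: writes at most
 * dst_size-1 bytes, always NUL-terminates, and reports whether the whole
 * source fit. Nothing is ever written past dst[dst_size-1]. */
enum copy_status copy_checked(char *dst, size_t dst_size, const char *src)
{
    size_t n;
    if (dst_size == 0)
        return COPY_TRUNCATED;          /* nowhere to write, not even a NUL */
    n = strlen(src);
    if (n >= dst_size) {
        memcpy(dst, src, dst_size - 1); /* keep what fits, then terminate */
        dst[dst_size - 1] = '\0';
        return COPY_TRUNCATED;
    }
    memcpy(dst, src, n + 1);            /* fits, including the NUL */
    return COPY_OK;
}

/* Models the old CGI case: QUERY_STRING goes into a small fixed buffer.
 * Oversized input is rejected and logged rather than overrunning the stack.
 * Returns 1 if the query was accepted, 0 if it was rejected. */
int handle_query(const char *query_string)
{
    char buf[16];   /* deliberately small, like the fixed buffers in old CGI code */
    if (copy_checked(buf, sizeof buf, query_string) != COPY_OK) {
        fprintf(stderr, "rejected query of %zu bytes (limit %zu)\n",
                strlen(query_string), sizeof buf - 1);
        return 0;
    }
    printf("query: %s\n", buf);
    return 1;
}

int main(void)
{
    /* constructed sample inputs: one that fits, one that does not */
    handle_query("name=mirsad");
    handle_query("name=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa");
    return 0;
}
```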