Hi, all!
I have recently studied several forms of viruses and security holes in software. Many if not 90% of recent exploits depend on holes introduced through buffer overruns, such as this C example:

    #include <stdio.h>

    void printbuffer(void)
    {
        char buffer[100];
        FILE *fp;

        gets(buffer);               /* oops! */
        fp = fopen("LPT1:", "w");
        if (fp != NULL) {
            fputs(buffer, fp);
            fclose(fp);
        }
    }

Is Pascal and namely GNU Pascal safer re: buffer overruns? How much does runtime range checking help and to what extent can we depend on it? Is it acceptable to write setuid root programs in GPC and what are the cautions?
Thanks for answers.
Mirsad
"I maintain that the tension between science and faith should be resolved through their synthesis, not through rejection or dichotomy."
Pierre Teilhard de Chardin (1881-1955)
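
Added example, not part of the original message: a bounded counterpart of the printbuffer() function quoted above, which reads with fgets() instead of gets(), detects input longer than the 100-byte buffer, and rejects it rather than overrunning or silently printing a partial line. The names read_line_bounded, print_line_bounded, stream_from and BUF_CAP are hypothetical, and the caller passes the output stream instead of opening "LPT1:".

```c
#include <stdio.h>
#include <string.h>

#define BUF_CAP 100 /* same capacity as buffer[100] in the post */

/* Read one line into buf without writing past buf[cap-1].
 * Returns the stored length (newline stripped), or -1 on EOF/error.
 * *truncated is set when bytes beyond the buffer were discarded; the rest
 * of the line is drained so it cannot bleed into the next read. */
int read_line_bounded(FILE *in, char *buf, size_t cap, int *truncated)
{
    size_t len;
    int c;
    *truncated = 0;
    if (cap < 2 || fgets(buf, (int)cap, in) == NULL)
        return -1;
    len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[--len] = '\0';              /* complete line: strip newline */
    } else {
        while ((c = getc(in)) != EOF && c != '\n')
            *truncated = 1;             /* real data had to be dropped */
    }
    return (int)len;
}

/* Bounded printbuffer(): 0 = written, 1 = rejected (too long), -1 = EOF/error. */
int print_line_bounded(FILE *in, FILE *out)
{
    char buffer[BUF_CAP];
    int truncated;
    if (read_line_bounded(in, buffer, sizeof buffer, &truncated) < 0)
        return -1;
    if (truncated)
        return 1;
    return fputs(buffer, out) == EOF ? -1 : 0;
}

/* Helper for the demo: temporary stream preloaded with constructed input. */
FILE *stream_from(const char *s)
{
    FILE *f = tmpfile();
    if (f != NULL) { fputs(s, f); rewind(f); }
    return f;
}

int main(void)
{
    FILE *in = stream_from("hello printer\n"); /* constructed sample input */
    return in ? print_line_bounded(in, stdout) : 1;
}
```

A line of exactly 99 characters fits and is not flagged, because only the newline is drained; anything longer returns 1 and leaves the stream positioned at the start of the next line.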