Re: [Gnu-arch-users] Re: Tlacontrib contribution: Alternative to .listin

gnu-arch-users

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Gnu-arch-users] Re: Tlacontrib contribution: Alternative to .listin

From:	Aaron Bentley
Subject:	Re: [Gnu-arch-users] Re: Tlacontrib contribution: Alternative to .listing files
Date:	Thu, 23 Sep 2004 10:41:01 -0400
User-agent:	Mozilla Thunderbird 0.5 (X11/20040309)

Adrian Irving-Beer wrote:

Hmm.... since we care about security, wouldn't it be better to use
something else than C (like something where buffer-overflows are
simply not possible)? Maybe Perl, Python, Scheme, Elisp, or ... ?



I think C is safe if you make sure all your operations on string
buffers carefully cap the size, and don't do weird junk with pointers.

Whereas it's very difficult to produce a buffer overflow in a scriptinglanguage.

In fact, even though I know all those languages can be generally close
to 100% safe for this operation, technically a 'safe' C script would
still be safer because every single operation is explicitly stated,
rather than left up to the interpretor (i.e. unknown and with
potential to change).

If you want that kind of 'safety', better write in in assembler. Orbetter yet, machine code. You can never be sure about the libraries.And the kernel. Better write your own. And the processor....

Okay, it's true that reducing the number of layers reduces the number oflayers that may contain bugs. But the more you write, the more bugs*you*'re likely to produce. And scriping languages have already hadmany bugs fixed.

A program written in a scripting language would be much shorter. Manyscripting languages have operations to decode URL encoding, for example.Using a well-tested URL-decoding routine is usually the right choice.This CGI program has its own built-in hex-string-to-integer decoder,even though the standard C facilities can do that, and are thoroughlytested. The program may be safe, but it's so full of gotos and macrosthat I can't read it.

As for startup time, I doubt it's significant, considering the latencyinvolved in HTTP connections. Options like FastCGI or mod_perl may behelpful to reduce that, *if* it's an issue.


I say all this as the lead developer of a large CGI program written in C++.

Aaron

--
Aaron Bentley
Director of Technology
Panometrics, Inc.

[Prev in Thread]

Current Thread

[Next in Thread]

[Gnu-arch-users] Tlacontrib contribution: Alternative to .listing files, Jan Hudec, 2004/09/22
- Re: [Gnu-arch-users] Tlacontrib contribution: Alternative to .listing files, Johannes Berg, 2004/09/22
  - Re: [Gnu-arch-users] Tlacontrib contribution: Alternative to .listing files, Jan Hudec, 2004/09/22
    - Re: [Gnu-arch-users] Tlacontrib contribution: Alternative to .listing files, John Meinel, 2004/09/22
    - Re: [Gnu-arch-users] Tlacontrib contribution: Alternative to .listing files, Jan Hudec, 2004/09/23
    - [Gnu-arch-users] Re: Tlacontrib contribution: Alternative to .listing files, Stefan Monnier, 2004/09/22
    - Re: [Gnu-arch-users] Re: Tlacontrib contribution: Alternative to .listing files, Jan Hudec, 2004/09/23
    - Re: [Gnu-arch-users] Re: Tlacontrib contribution: Alternative to .listing files, Adrian Irving-Beer, 2004/09/23
    - Re: [Gnu-arch-users] Re: Tlacontrib contribution: Alternative to .listing files, Aaron Bentley <=
    - Re: [Gnu-arch-users] Re: Tlacontrib contribution: Alternative to .listing files, Adrian Irving-Beer, 2004/09/23
    - Re: [Gnu-arch-users] Re: Tlacontrib contribution: Alternative to .listing files, Aaron Bentley, 2004/09/23
    - Re: [Gnu-arch-users] Re: Tlacontrib contribution: Alternative to .listing files, Stefan Monnier, 2004/09/23

Prev by Date: Re: [Fwd: Re: [Gnu-arch-users] Re: tla undo - tla commit eats existing log]
Next by Date: Re: [Gnu-arch-users] Imminent 1.2.2 Release
Previous by thread: Re: [Gnu-arch-users] Re: Tlacontrib contribution: Alternative to .listing files
Next by thread: Re: [Gnu-arch-users] Re: Tlacontrib contribution: Alternative to .listing files
Index(es):
- Date
- Thread