From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level: 
X-Spam-Status: No, score=0.2 required=5.0 tests=BAYES_00,INVALID_MSGID,
	REPLYTO_WITHOUT_TO_CC autolearn=no autolearn_force=no version=3.4.4
X-Google-Language: ENGLISH,ASCII-7-bit
X-Google-Thread: 109fba,df854b5838c3e14
X-Google-Attributes: gid109fba,public
X-Google-Thread: 103376,df854b5838c3e14
X-Google-Attributes: gid103376,public
X-Google-Thread: 10db24,fec75f150a0d78f5
X-Google-Attributes: gid10db24,public
X-Google-Thread: 1014db,df854b5838c3e14
X-Google-Attributes: gid1014db,public
From: seebs@solutions.solon.com (Peter Seebach)
Subject: Re: ANSI C and POSIX (was Re: C/C++ knocks the crap out of Ada)
Date: 1996/04/09
Message-ID: <4kf4fn$bsr@solutions.solon.com>#1/1
X-Deja-AN: 146647532
references: <JSA.96Feb16135027@organon.com> <dewar.829054330@schonberg>
 <4ke0ciINNgg8@keats.ugrad.cs.ubc.ca> <EACHUS.96Apr9184019@spectre.mitre.org>
organization: Usenet Fact Police (Undercover)
reply-to: seebs@solon.com
newsgroups: comp.lang.ada,comp.lang.c,comp.lang.c++,comp.edu
Date: 1996-04-09T00:00:00+00:00
List-Id: <comp.lang.ada>

In article <EACHUS.96Apr9184019@spectre.mitre.org>,
Robert I. Eachus <eachus@spectre.mitre.org> wrote:
>    I hope that everyone following this thread knows that this
>"undefined" behavior lead to one of the security holes exploited by
>the Morris Internet worm.

No, it quite definitely isn't.  The worm mostly used the function gets().

>    Undefined only means unusable in some contexts, and if the C read
>had a way to know the size of the buffer passed, that particular
>security hole would not have existed.

C does not have a read() function.  read() is a feature of Unix or
POSIX-like systems.

The worm bug had nothing to do with the vague semantics of read.  (I've
talked about this with Robert.  I still believe the code was incorrect,
and he does not deny this, but I would have to say that he's right -
the standard should be explicit about the requirements of read(), and
the C standard should likewise be specific about the requirements of
the buffer passed to fgets(), et al.)

The bug that caused the worm to be dangerous was that gets() has no
way of determining that there are buffer problems.  Good implementations
will give you a diagnostic message if you use gets().

(Well, NetBSD does.)

-s
-- 
Peter Seebach - seebs@solon.com - Copyright 1996 Peter Seebach.
C/Unix wizard -- C/Unix questions? Send mail for help.  No, really!
FUCK the communications decency act.  Goddamned government.  [literally.]
The *other* C FAQ - http://www.solon.com/~seebs/c/c-iaq.html