Xref: utzoo comp.software-eng:2910 comp.lang.ada:3275 comp.lang.c:26114 comp.lang.fortran:2918 comp.lang.lisp:2819 comp.lang.misc:4161 comp.lang.modula2:2097 comp.lang.pascal:3121 comp.lang.scheme:1091
Path: utzoo!utgpu!jarvis.csri.toronto.edu!cs.utexas.edu!tut.cis.ohio-state.edu!purdue!gb
From: gb@cs.purdue.EDU (Gerald Baumgartner)
Newsgroups: comp.software-eng,comp.lang.ada,comp.lang.c,comp.lang.fortran,comp.lang.lisp,comp.lang.misc,comp.lang.modula2,comp.lang.pascal,comp.lang.scheme
Subject: problems/risks due to programming language, stories requested
Keywords: risk, programming language, story, internet worm, AT&T breakdown
Message-ID: <9790@medusa.cs.purdue.edu>
Date: 20 Feb 90 22:28:57 GMT
Followup-To: poster
Organization: Department of Computer Science, Purdue University

For a research project I am collecting information about the risk of choosing the wrong programming language. In particular I am looking for problems that could have been avoided if another (a better) programming language had been used.

I know of these three such stories:

1. There is the famous story that a Mariner probe got lost because of the Fortran statement `DO 3 I = 1.3' (1.3 instead of 1,3) (see Peter Neumann: A Few Old War Stories Reappear. ACM SIGSOFT 11(5), Oct. 1986, pp. 16-18). It is a nice story but, as far as I know, NASA used Jovial at that time and not Fortran.

2. One of the security holes the Internet Worm took advantage of was in fingerd (the finger daemon). The daemon uses the gets routine for input. This routine, written in C, reads input without checking for bounds on the buffer involved. By overrunning the buffer, the worm rewrote the stack frame (see Eugene H. Spafford: Crisis and Aftermath. Communications of the ACM 32(6), June 1989). There would be no security hole in the finger daemon if a programming language had been used for the I/O routines where the compiler takes care of boundary checks for arrays. Pascal doesn't work since variable length strings are needed, but Ada would be fine. A language a la ML, where these checks are done at compile time, would be even better.

3. The AT&T breakdown a month ago was caused by a break statement in C. See the following mail (multiple forwarding headers deleted):

Subject: AT&T software problem
Subject: Cautionary note on C programming...AT&T learns from experience
From: kent@wsl.dec.com
Subj: I've always thought C looked like line noise.
Subj: the bug
Subj: AT&T's bug, for you C users out there...
Subj: I C what they mean!
Subj: "c" considered dangerous to telephones
Subj: Be careful from where you break! (else no long distance calls will make it thru...)
Subj: C switch breaks AT&T switches!
Subj: your "c users" list might appreciate this....

I received the following on AT&T's famous bug (and have deleted multiple forwarding headers):

| | Subject: AT&T Bug
| | Date: Fri Jan 19 12:18:33 1990
| |
| | This is the bug that caused the AT&T breakdown
| | the other day (no, it wasn't an MCI virus):
| |
| | In the switching software (written in C), there was a long
| | "do . . . while" construct, which contained
| | a "switch" statement, which contained
| | an "if" clause, which contained a
| | "break," which was intended for
| | the "if" clause, but instead broke from
| | the "switch" statement.

Again it looks like this bug wouldn't have occurred in another programming language. You C what I mean?

Do you know other stories like these, if possible with references? I don't want to praise Ada or pick at C and Fortran; I am looking for any story where a provably inappropriate/insecure programming language has been used.

Gerald Baumgartner
gb@cs.purdue.edu
...!{decwrl,gatech,ucbvax}!purdue!gb
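The do-while / switch / if nest from story 3, reproduced on a constructed event stream as an added example (this is not the original post's or AT&T's code; the event encoding, `tally_buggy`, `tally_fixed` and `sample_events` are all made up here). It shows that C has no break-from-if: the `break` leaves the enclosing `switch`, so the statements after the `if` in that case are silently skipped.

```c
/* Added example, not from the original post or from AT&T's switching code.
 * Constructed encoding: low nibble of an event = kind, bit 4 = urgent flag. */
#include <stddef.h>

enum { EV_MSG = 1, EV_TICK = 2, FLAG_URGENT = 0x10 };

struct tally { int handled; int urgent; };

/* Buggy: the `break` was meant to end the `if`, but in C a break inside a
 * switch exits the switch. `t.handled++` is therefore skipped for every
 * urgent message and the tally undercounts without any error. */
struct tally tally_buggy(const int *ev, size_t n)
{
    struct tally t = {0, 0};
    size_t i = 0;
    if (n == 0) return t;           /* do-while would read ev[0] otherwise */
    do {
        switch (ev[i] & 0xF) {
        case EV_MSG:
            if (ev[i] & FLAG_URGENT) {
                t.urgent++;
                break;              /* leaves the switch, not just the if */
            }
            t.handled++;            /* never reached for urgent messages */
            break;
        default:                    /* EV_TICK and unknown kinds: ignore */
            break;
        }
        i++;
    } while (i < n);
    return t;
}

/* Fixed: the if-body simply ends, so every EV_MSG reaches `handled++`. */
struct tally tally_fixed(const int *ev, size_t n)
{
    struct tally t = {0, 0};
    size_t i = 0;
    if (n == 0) return t;
    do {
        switch (ev[i] & 0xF) {
        case EV_MSG:
            if (ev[i] & FLAG_URGENT)
                t.urgent++;
            t.handled++;
            break;
        default:
            break;
        }
        i++;
    } while (i < n);
    return t;
}

/* Constructed input: plain msg, urgent msg, tick, urgent msg. */
static const int sample_events[] = { EV_MSG, EV_MSG | FLAG_URGENT, EV_TICK, EV_MSG | FLAG_URGENT };
```

On the four sample events the buggy version reports 1 handled message and the fixed version 3; both count 2 urgent ones, which is why the defect is easy to miss in testing.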