From: daw@mozart.cs.berkeley.edu (David Wagner)
Newsgroups: comp.lang.ada,comp.lang.c,comp.lang.c++,comp.lang.functional
Subject: Re: How Ada could have prevented the Red Code distributed denial of service attack.
Date: Sat, 4 Aug 2001 21:05:06 +0000 (UTC)
Organization: University of California, Berkeley
Message-ID: <9kho22$33k$1@agate.berkeley.edu>
References: <5ee5b646.0108010949.5abab7fe@posting.google.com>

David Lee Lambert wrote:
>C++ makes it very easy to avoid buffer-overflow bugs: just use the STL
>types 'string' (for strings) and 'vector' (for arbitrary objects).

I claim that this is primarily a library issue, not a language issue.
It would also be easy to write libraries for C to avoid buffer-overflow bugs: Just provide a 'string' abstract data type that can only be manipulated by library functions and ensure that all those library functions do proper bounds-checking. (So why doesn't everyone do this? My answer: legacy code, and legacy programmers.)

Note also that while buffer overruns in strings may be the most common cause of buffer overrun vulnerabilities, one should not overlook overruns in anything that manipulates arrays and pointers directly. Preventing the latter requires more than C++'s 'string' type or safe libraries; it requires programmer discipline or support from the programming language.
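Added example, not part of the original post: a minimal C sketch of the kind of 'string' abstract data type the message describes, where every access goes through a library function that checks bounds. The `bstr` type, the `bstr_*` function names and the sample string are hypothetical, chosen only for this illustration.

```c
/* Added illustration, not from the post. All bstr_* names are hypothetical. */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* In a real library this definition stays in the .c file; the header only
   declares "typedef struct bstr bstr;", so callers cannot touch data/len. */
typedef struct bstr { char *data; size_t len, cap; } bstr;

bstr *bstr_new(void) { return calloc(1, sizeof(bstr)); }
void bstr_free(bstr *s) { if (s) { free(s->data); free(s); } }
size_t bstr_len(const bstr *s) { return s->len; }

/* Append n bytes, growing storage. Returns 0, or -1 on size wrap or OOM. */
int bstr_append(bstr *s, const char *src, size_t n) {
    if (n > SIZE_MAX - s->len - 1) return -1;   /* len + n + 1 would wrap */
    size_t need = s->len + n + 1;
    if (need > s->cap) {
        size_t cap = s->cap ? s->cap : 16;
        while (cap < need) cap = (cap > SIZE_MAX / 2) ? need : cap * 2;
        char *p = realloc(s->data, cap);
        if (!p) return -1;                      /* old buffer is still valid */
        s->data = p; s->cap = cap;
    }
    if (n) memcpy(s->data + s->len, src, n);
    s->len += n;
    s->data[s->len] = '\0';
    return 0;
}

/* Checked index: an out-of-range read is refused, not performed. */
int bstr_at(const bstr *s, size_t i, char *out) {
    if (i >= s->len) return -1;
    *out = s->data[i]; return 0;
}

/* Copy into a caller's fixed buffer; fails instead of overrunning dst. */
int bstr_copy_out(const bstr *s, char *dst, size_t dstsz) {
    if (dstsz == 0 || s->len >= dstsz) return -1;
    if (s->len) memcpy(dst, s->data, s->len);
    dst[s->len] = '\0';
    return 0;
}

int main(void) {
    bstr *s = bstr_new(); char small[8];
    if (!s || bstr_append(s, "hello, bounded world", 20)) return 1;
    int rc = bstr_copy_out(s, small, sizeof small); /* refused: 20 > 7 */
    bstr_free(s); return rc == -1 ? 0 : 1;
}
```

This covers only the string case; as the message notes, code that indexes raw arrays and pointers directly gets no protection from such a library.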