comp.lang.ada
From: "David Thompson" <david.thompson1@worldnet.att.net>
Subject: Re: Ada's Slide To Oblivion ...
Date: Mon, 18 Feb 2002 03:54:55 GMT
Message-ID: <jW_b8.8435$BR3.457967@bgtnsc04-news.ops.worldnet.att.net>
In-Reply-To: a3s70v$1ac4bu$1@ID-25716.news.dfncis.de

Nick Roberts <nickroberts@adaos.worldonline.co.uk> wrote:
...
> Allow me to try to clarify. The C language requires (in practice if not
> strictly in theory) that all pointers fit into one machine word.

Not really.  Early versions of C did this (and BCPL and B required it),
but as C became more widely ported and (then) standardized it was
recognized by everyone who was paying attention that you cannot
assume this: "all the world's not a VAX".  It is true that C tends to
stress use and particularly computation of pointers, which puts
a premium on lightweight pointers, where possible.

> On 32-bit
> architectures, this almost invariably forces the use of a 'flat' address
> space (just an offset, with no segment number or equivalent). Which means
> that, for many architectures, the operating system cannot use segmentation
> (or other memory divisions) to [restrict executability]

Only on 32-bit architectures where the segment is (always)
outside the 32-bit address, like 386+.  I have seen several
architectures that put segment+offset into a 32-bit address,
which can work as you want.  Admittedly certain x86 systems
are so widely used that problems on them affect a lot of people,
but I don't think the language is solely or even primarily to blame.

> On many architectures, then, C prevents the OS from using available memory
> protection mechanisms to prevent buffer overrun exploitation, whereas most
> other programming languages do not. In this way, C is a security liability.

Most general-purpose 3GLs have some way of creating and using
pointers, at least in the form of by-reference argument passing.
It is equally illegal in all these languages to actually overrun a
buffer, and in usual implementations of all of them it is possible
to do so anyway, although almost never as easily as is usual in C,
and if you do the results are equally damaging.

> C++ generally has the same fault.

Except to the extent that you use containers like std::vector
or other encapsulated and checked types and operations
to prevent overruns in the first place.  But you certainly aren't
required, or even all that strongly encouraged, to do so.

--
- David.Thompson 1 now at worldnet.att.net
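As an added illustration of the point about checked containers (example code, not from the original post or its author): a small std::vector-backed buffer whose write and read paths all go through bounds checks, so an oversized write is refused and an out-of-range read raises std::out_of_range instead of touching memory past the end. The class and function names are hypothetical.

```cpp
#include <cstddef>
#include <stdexcept>
#include <string>
#include <vector>

// Hypothetical fixed-capacity buffer built on std::vector. Every write and
// read goes through a bounds check, so a mis-sized or mis-indexed access is
// refused (or throws) instead of silently spilling past the end of storage.
class RecordBuffer {
public:
    explicit RecordBuffer(std::size_t capacity) : data_(capacity, '.') {}
    // Copy `src` into the buffer at `offset`; refuse (and leave the buffer
    // untouched) when the write would overrun the capacity.
    bool write(std::size_t offset, const std::string& src) {
        if (offset > data_.size() || src.size() > data_.size() - offset) {
            return false;  // explicit check: nothing is written past the end
        }
        for (std::size_t i = 0; i < src.size(); ++i) {
            data_.at(offset + i) = src[i];  // at() re-checks every index
        }
        return true;
    }

    // Checked read: at() throws std::out_of_range instead of returning
    // whatever lies beyond the storage (operator[] would not check at all).
    char read(std::size_t index) const { return data_.at(index); }
    std::size_t capacity() const { return data_.size(); }
private:
    std::vector<char> data_;
};

// Scenario: a valid write, then an oversized one that must be refused and
// must leave the earlier contents intact. Returns the final contents.
std::string write_then_overrun(std::size_t capacity) {
    RecordBuffer buf(capacity);
    bool first_ok = buf.write(0, "hello");     // fits
    bool second_ok = buf.write(4, "overrun");  // 4 + 7 bytes > capacity of 8
    std::string out;
    for (std::size_t i = 0; i < buf.capacity(); ++i) out.push_back(buf.read(i));
    return (first_ok && !second_ok) ? out : std::string("UNEXPECTED");
}

// True when reading `index` from a `capacity`-byte buffer is caught by the
// checked accessor rather than reaching memory past the end.
bool overrun_is_caught(std::size_t capacity, std::size_t index) {
    RecordBuffer buf(capacity);
    try { (void)buf.read(index); return false; }
    catch (const std::out_of_range&) { return true; }
}
```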
