From: "David Thompson"
Newsgroups: comp.lang.ada
Subject: Re: Ada's Slide To Oblivion ...
References: <4519e058.0201310714.650888e1@posting.google.com> <3C598CAA.7040801@home.com> <3C59FCD3.928144FB@adaworks.com> <7v8za79id0.fsf@vlinux.voxelvision.no>
Date: Mon, 18 Feb 2002 03:54:55 GMT
Organization: AT&T Worldnet

Nick Roberts wrote:
...
> Allow me to try to clarify. The C language requires (in practice if not
> strictly in theory) that all pointers fit into one machine word.

Not really. Early versions of C did this (and BCPL and B required it), but as C became more widely ported and (then) standardized it was recognized by everyone who was paying attention that you cannot assume this: "all the world's not a VAX". It is true that C tends to stress use and particularly computation of pointers, which puts a premium on lightweight pointers, where possible.
> On 32-bit architectures, this almost invariably forces the use of a 'flat' address
> space (just an offset, with no segment number or equivalent). Which means
> that, for many architectures, the operating system cannot use segmentation
> (or other memory divisions) to [restrict executability]

Only on 32-bit architectures where the segment is (always) outside the 32-bit address, like 386+. I have seen several architectures that put segment+offset into a 32-bit address, which can work as you want. Admittedly certain x86 systems are so widely used that problems on them affect a lot of people, but I don't think the language is solely or even primarily to blame.

> On many architectures, then, C prevents the OS from using available memory
> protection mechanisms to prevent buffer overrun exploitation, whereas most
> other programming languages do not. In this way, C is a security liability.

Most general-purpose 3GLs have some way of creating and using pointers, at least in the form of by-reference argument passing. It is equally illegal in all these languages to actually overrun a buffer, and in usual implementations of all of them it is possible to do so anyway, although almost never as easily as is usual in C, and if you do the results are equally damaging.

> C++ generally has the same fault.

Except to the extent that you use containers like std::vector or other encapsulated and checked types and operations to prevent overruns in the first place. But you certainly aren't required, or even all that strongly encouraged, to do so.

-- 
- David.Thompson 1 now at worldnet.att.net
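The two points above (an out-of-bounds write in C simply lands on whatever memory follows the buffer, while a checked C++ container refuses it, but only if the programmer chooses the checked operation) can be shown side by side. This is an added example, not code from the original post or from anyone in the thread; the Frame layout, the 16-byte buffer and the neighbouring "after" field standing in for a length or saved return address are constructed for illustration.

```cpp
// Added example: an unchecked C-style write one byte past a 16-byte buffer
// versus the same write through std::vector::at().
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <iostream>
#include <stdexcept>
#include <string>
#include <vector>

constexpr std::size_t kBufSize = 16;

// Constructed model of a C stack frame or heap record: a fixed buffer with
// some other field laid out directly after it. In a real program that field
// could be a length, a function pointer or a saved return address.
struct Frame {
    unsigned char buf[kBufSize];
    std::uint32_t after;   // stands in for whatever follows the buffer
};

// C-style access: the index is used as-is, no comparison against kBufSize.
// To keep the demonstration well-defined we address the frame as one flat
// byte object (which the language permits) and never step outside
// sizeof(Frame); real C code has no such fence and the write can land anywhere.
// Returns true if the neighbouring field was clobbered by the write.
bool unchecked_write_clobbers_neighbour(std::size_t idx) {
    Frame f{};
    const std::uint32_t sentinel = 0xDEADBEEFu;
    f.after = sentinel;
    if (idx >= sizeof(Frame)) return false;   // demo guard only, not a bounds check
    auto *flat = reinterpret_cast<unsigned char *>(&f);
    flat[idx] = 0x41;                         // idx >= kBufSize overruns buf
    std::uint32_t after_now = 0;
    std::memcpy(&after_now, &f.after, sizeof after_now);
    return after_now != sentinel;
}

// Checked access: std::vector::at() compares idx against size() and throws
// std::out_of_range instead of touching memory outside the buffer. Note that
// v[idx] would be exactly as unchecked as the C version; nothing in the
// language forces the checked form, the programmer has to pick it.
std::string checked_write(std::size_t idx) {
    std::vector<unsigned char> v(kBufSize);
    try {
        v.at(idx) = 0x41;
        return "ok";
    } catch (const std::out_of_range &) {
        return "out_of_range";
    }
}

int main() {
    for (std::size_t idx : {std::size_t{5}, kBufSize}) {
        std::cout << "idx=" << idx
                  << " unchecked clobbers neighbour: "
                  << (unchecked_write_clobbers_neighbour(idx) ? "yes" : "no")
                  << ", vector::at(): " << checked_write(idx) << '\n';
    }
    return 0;
}
```

Index 5 is inside the buffer and both paths behave the same; index 16 is one past the end, where the raw write silently overwrites the adjacent field and at() throws.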