[7357] in bugtraq
Re: EMERGENCY: new remote root exploit in UW imapd (fwd)
daemon@ATHENA.MIT.EDU (Richard Shetron)
Wed Jul 22 16:43:57 1998
Date: Tue, 21 Jul 1998 16:43:03 -0400
Reply-To: multics@wizvax.net
From: Richard Shetron <multics@WIZVAX.WIZVAX.NET>
To: BUGTRAQ@NETSPACE.ORG
Forwarded message:
>
> On Jul 16, 11:04pm, Perry E. Metzger (possibly) wrote:
[snip]
> http://www-dse.doc.ic.ac.uk/~rj3/bounds-checking.html
>
> This is for 2.7.2. Be forewarned that it results in _very_ slow
> programs - an example was cited on the FreeBSD-security mailing list
> as follows (Don.Lewis@tsc.tdk.com):
[snip]
Languages that start without bounds checking, particulalry C/C++ where
people often use pointers to access elements in an array, may have lots
of overhead from the bounds checking code trying to figure out what it
needs to do.
ie *(array + 5) may result in much more code for bounds checking in
C then array[5] in a language that supports array bounds checking.
The ability of the compiler to optimize array[5] can make a difference.
I've worked with languages, such as Fortran and PL/1, that do bounds
checking and have tried performance checking by running data with bounds
checking turned on and off. The differences in these languages in the
programs I used was often less then 10%.
--
Richard Shetron multics@wizvax.net multics@acm.rpi.edu
What is the Meaning of Life?
There is no meaning,
It's just a consequence of complex carbon based chemistry; don't worry about it
The Super 76, "Free Aspirin and Tender Sympathy", Las Vegas Strip.
