[2926] in bugtraq
Re: at the risk of another flamefest..
daemon@ATHENA.MIT.EDU (Eugene Bradley)
Mon Jul 15 19:43:44 1996
Date: Mon, 15 Jul 1996 19:09:52 -0400
Reply-To: Bugtraq List <BUGTRAQ@netspace.org>
From: Eugene Bradley <ebradley@andromeda.rutgers.edu>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>
In-Reply-To: Peter Jeremy <jeremyp@gsms01.alcatel.com.au> writes:
-----BEGIN PGP SIGNED MESSAGE-----
on Jul 16, Peter Jeremy <jeremyp@gsms01.alcatel.com.au> writes:
# It might be worth noting that Richard W.M. Jones <rwmj@doc.ic.ac.uk>
# has written some patches to gcc which add fine-grained bounds checking
# to C. Sources are in: ftp://dse.doc.ic.ac.uk/pub/misc/bcc
# Additional information at:
# http://www-dse.doc.ic.ac.uk/~rj3/bounds-checking.html
# http://www-ala.doc.ic.ac.uk/~phjk/BoundsChecking.html
#
# Unfortunately, the resultant code is substantially slower and is therefore
# really only suitable for testing - this seems primarily due to the
# requirement for bounds-checked code to fully interwork with non bounds-
# checked code.
[deletia]
# I disagree. Whilst perl at the script level hides array-bounds problems
# from the user, it is not a panacea. Firstly, the interpreter itself is
# written in C - thus it is possible that the interpreter itself may suffer
# from an array-bounds problem. Secondly, it is _very_ large (several times
# the size of sendmail) thus violating the KISS principle - which is
# particularly important for security tools.
If this is the case, couldn't Larry Wall et al. recompile
perl 5 using the above gcc patches? Granted the newly-patched perl
interpreter would be a bit slower to compile code, but personally
I'd rather take the slowness than to have tons of array bounds problems
in my code.
If anything, if and when I release such code, I'd personally recommend
that code be tested on single-user workstations before being used
on multi-user networks. This would avoid any load problems such code
could potentially present on such multi-user systems.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
-----END PGP SIGNATURE-----
--
Eugene Bradley | finger me for my PGP public key
webmaster of misery.winter.org
PGP Fingerprint = 55 70 DE 84 FE E1 3D 50 7F C2 88 22 30 8C 81 9E
<a href="http://www.armory.com/~ebradley"> Eugene's W^3 Duckpond </a>