[2932] in bugtraq
Re: at the risk of another flamefest..
daemon@ATHENA.MIT.EDU (Alan L. Wendt)
Tue Jul 16 12:30:32 1996
Date: Tue, 16 Jul 1996 00:37:37 -0600
Reply-To: Bugtraq List <BUGTRAQ@netspace.org>
From: "Alan L. Wendt" <alan@ez0.ezlink.com>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>
In-Reply-To: <9607151949.AA24982@tiffin.ic.ncs.com> from "David Stagner" at
Jul 15, 96 02:49:03 pm
>
> If I may fan the flames further... I often wonder if we should blame
> our Language of Choice, rather than bad programming practice. It
> seems to me that the bulk of code-based security problems these days
> are buffer overflow-related. Is this characteristic of poor coding,
> or a misfeature of C?
>
I would vote for the standard library calls. A library function that
accepts a pointer to a buffer area that is going to get written into,
without requiring a size parameter, is a travesty of two mockeries of a sham.
Alan
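
Added example, not part of the original message: a C sketch of the interface point made in the reply above, where the write routine takes the destination size and refuses input that does not fit. The names copy_bounded and format_addr and the sample strings are assumptions made for illustration.

```c
/* Added illustration; copy_bounded and format_addr are hypothetical names. */
#include <stdio.h>
#include <string.h>

/* Copy src into dst, which holds dstsize bytes.
 * Returns 0 on success, -1 if src (plus its NUL) does not fit.
 * On failure dst is left as an empty string, never a truncated one. */
int copy_bounded(char *dst, size_t dstsize, const char *src)
{
    size_t n;
    if (dst == NULL || dstsize == 0)
        return -1;
    dst[0] = '\0';
    if (src == NULL)
        return -1;
    n = strlen(src);
    if (n >= dstsize)            /* strcpy() would write past dst here */
        return -1;
    memcpy(dst, src, n + 1);     /* n + 1 copies the terminator too */
    return 0;
}

/* Build "user@host" in dst. snprintf() is the sized form of sprintf():
 * it reports the length it needed, so truncation is detectable. */
int format_addr(char *dst, size_t dstsize, const char *user, const char *host)
{
    int need;
    if (dst == NULL || dstsize == 0 || user == NULL || host == NULL)
        return -1;
    need = snprintf(dst, dstsize, "%s@%s", user, host);
    if (need < 0 || (size_t)need >= dstsize) {
        dst[0] = '\0';           /* do not hand back a clipped address */
        return -1;
    }
    return 0;
}

int main(void)
{
    /* Constructed sample input: an 8-byte buffer followed by a guard field. */
    struct { char buf[8]; char guard[4]; } s = { "", "GRD" };
    printf("fits:     %d \"%s\"\n", copy_bounded(s.buf, sizeof s.buf, "1234567"), s.buf);
    printf("too long: %d \"%s\"\n", copy_bounded(s.buf, sizeof s.buf, "12345678"), s.buf);
    printf("format:   %d \"%s\"\n", format_addr(s.buf, sizeof s.buf, "alan", "ez0.ezlink.com"), s.buf);
    printf("guard intact: %s\n", strcmp(s.guard, "GRD") == 0 ? "yes" : "no");
    return 0;
}
```

Both helpers fail closed: a caller that ignores the return value gets an empty string rather than a clipped one.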