Re: Coding Practice [was Re: Serious OpenSSL vulnerability]

On 04/09/2014 06:19 PM, Tim wrote:
> Allegedly, on or about 08 April 2014, Jonathan Ryshpan sent:
>> It's an interesting question why Net infrastructure code continues to
>> be written in C, a language that provides no automatic checks for
>> buffer overflow, which (if I understand right) is the opening for this
>> security breach, along with so many others.  And why is the code run
>> on hardware that provides no such checks?  There have been languages
>> and systems that check for overflow available for 40 years.  Why
>> doesn't anyone use them?
>
> Only the other day I was thinking similarly:  That almost every exploit
> that I read about, over the last umpteen years, was a buffer overflow;
> and why is it so?  Are programmers such morons that they accept all data
> without care, rather than only accept what you actually expect?

IMO, it's just the fact that buffer overflows are the #1 weakness of coding in C and are the #1 use-case for exploits.

Other programming languages have other common weaknesses (think of Java or PHP), or are simply too little used to have made their weakness public and known to attackers.

Ralf


