Re: Coding Practice [was Re: Serious OpenSSL vulnerability]

Jerry Feldman <gaf@xxxxxxx> · Sat, 19 Apr 2014 10:58:00 -0400



    On 04/09/2014 01:43 PM, Dave Stevens
      wrote:

    
    Quoting Tim <ignored_mailbox@xxxxxxxxxxxx>:
      

      Allegedly, on or about 08 April 2014,
        Jonathan Ryshpan sent:
        

        It's an interesting question why Net
          infrastructure code continues to
          

          be written in C, a language that provides no automatic checks
          for
          

          buffer overflow, which (if I understand right) is the opening
          for this
          

          security breach, along with so many others.  And why is the
          code run
          

          on hardware that provides no such checks?  There have been
          languages
          

          and system that check for overflow available for 40 years. 
          Why
          

          doesn't anyone use them?
          

        Only the other day I was thinking similarly:  That almost every
        exploit
        

        that I read about, over the last umpteen years, was a buffer
        overflow;
        

        and why is it so?  Are programmers such morons that they accept
        all data
        

        without care, rather than only accept what you actually expect?
        

      I would say they're badly trained. The cost/benefir ration between
      hardware and programmer time has changed drastically to the point
      where hardware is practically free but programmer time,
      notwithstanding offshoring, is expensive. The institutional
      inertia is so large that education consists largely of teaching
      the students to do well what their instructors would like to have
      been taught. Not a viable way forward.
      

      Dave
      

    All this is understood. But, consider the transition from C to
      a more modern, safer coding language with respect to developing a
      new OS, or even re-coding Linux and Unix. But that may be coming.
      For instance almost all coding in Android is in Java. The Android
      runs 1 but JVM (Dalvik). But, the underlying OS is still the Linux
      kernel. Possibly we should design a chipset that is a JVM. But,
      regardless of the computer language, bugs will be present. I've
      been moving some of our code from Subversion (stable and written
      in C) to another source control system written in Java. That
      source control system crashes frequently and leaves core dumps.. 

      
      My point is that it is not the computer language that causes the
      bugs, it is the programmer. There are many tools out there a
      programmer can use to analyze his/her code to find potential
      errors such as buffer overflows. So, let's say that we built a
      chip that is essentially a JVM and code everything in Java, will
      we have fewer bugs? No because sloppy coding techniques will exist
      regardless of the computer language.  Bounds-checking an array, or
      generating bounds-checking in the code has been around C a long
      time. But we generally don't use it because it costs too much in
      performance. 

      
      But, we are stuck with C for a while because that is what Linux
      and Unix are written. While Java is an excellent language I don't
      see it replacing C at the OS level, but it is almost there in
      Android.                             

    
    -- 
Jerry Feldman <gaf@xxxxxxx>
Boston Linux and Unix
PGP key id:3BC1EB90 
PGP Key fingerprint: 49E2 C52A FC5A A31F 8D66  C0AF 7CEA 30FC 3BC1 EB90

  
Attachment:
signature.asc

Description: OpenPGP digital signature
-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org