I am looking for a wish list of things which should be removed from
the C (C99) - due to feature's bad security track record <OT>or
Multithreading unsafety. I need this list for a project intending to
build another (easiest & most powerful) programming language, which
has a two page definition document stating: "... includes C
programming language (C99), except its famous
"avoid-using-this-functions". </OT>
If you would not want to remove a whole function but only the use of
it with certain arguments / parameters, what would those combinations
be like? (Like scanf with %s or %[ arguments )
Probably there are official not to use recommendation lists.
( million times better than this) http://tele3d.com/wiki/index.php/Par...ncluded_in_t3d
Please, do not circumvent the question by saying all functions except
gets() are safe if used properly. That would be like teaching that
"the ideology of Soviet Union was right, it was the Soviet peoples
fault that the system didn't work.
Juuso Hukkanen
(to reply by e-mail set addresses month and year to correct) www.tele3d.com
May 10 '06
62  4141 
Skarmander <in*****@dontma ilme.com> writes: Andrew Poelstra wrote: On 2006-05-10, Rod Pemberton <do*********@bi tfoad.cmm> wrote: If you really want to get crazy with C, do some of these:
1) eliminate pointers in main
Seems like any problems associated with that would be poor
programming practice.
2) make pointers be associated with a variable before use, not with a data
type
Ditto.
3) eliminate malloc, add dynamic allocation and garbage collection
Now you've got a Java-like beast, only to solve programmers who can't keep
track of memory.
Exactly. Garbage collection is for people who are stupid or lazy or
both. Everyone knows that keeping track of memory yourself is better
and cleaner. Keeps the mind in shape and your programs fast.
Or something like that, at least.
Right. Mnemonic identifiers are also a crutch for the weak-minded.
Objects should be identified by serial numbers, preferably in
hexadecimal. I mean, we can't very well trust computers to keep track
of things like this; most of them are prorammed by lazy people.
--
Keith Thompson (The_Other_Keit h) ks***@mib.org <http://www.ghoti.net/~kst>
San Diego Supercomputer Center <*> <http://users.sdsc.edu/~kst>
We must do something. This is something. Therefore, we must do this.
In article <bm************ *************** *****@4ax.com>,
Juuso Hukkanen <ju***********@ tele3d.net> wrote: I am looking for a wish list of things which should be removed from
the C (C99) - due to feature's bad security track record
Side effects.
If you don't allow anything that can have side effects, then nothing
can cause problems.
dave
--
Dave Vandervies dj******@csclub .uwaterloo.ca
If we assume that the programmer is unfamiliar with the language he is
using, then order of evaluation is the least of our worries.
--Joe Marshall in comp.lang.schem e
Keith Thompson <ks***@mib.or g> writes:
[...] Right. Mnemonic identifiers are also a crutch for the weak-minded.
Objects should be identified by serial numbers, preferably in
hexadecimal. I mean, we can't very well trust computers to keep track
of things like this; most of them are prorammed by lazy people.
In particular, some of them are "prorammed" by people who are too lazy
to proofread before posting.
--
Keith Thompson (The_Other_Keit h) ks***@mib.org <http://www.ghoti.net/~kst>
San Diego Supercomputer Center <*> <http://users.sdsc.edu/~kst>
We must do something. This is something. Therefore, we must do this.
Ben Pfaff wrote: qed <us********@azi llionmonkeys.co m> writes: I would get rid of ungetc just on principle (can't unread at the
beginning of a file, may screw up fgetpos(), only does a single
character -- its just super lame, and throws a monkey wrench into too
many other functions.)
I am unaware of a limitation on calling ungetc() at the beginning
of a file. I scanned the definition of ungetc() in C99 and
didn't see such a limitation--did I miss something?
"For a binary stream, its file position indicator is decremented by each
successful acll to the ungetc function; if its value was zero before a
call, its indeterminate after the call".
Whatever, if you are thinking about it from an implementators point of
view, its obvious what's wrong with this whole idea. Its stupid in
exactly the same way that fgets ignoring '\0' in its input stream is
stupid. Its the only function that behaves like that in a nest of other
functions that want things to behave differently.
--
Paul Hsieh http://www.pobox.com/~qed/ http://bstring.sf.net/
qed wrote:
.... snip ...
I am not sure why you want to get rid of srand() or rand(). Its true
they suck as PRNGs, and race conditions mess them up in ways that can be
worse than you think (and RAND_MAX is generally pathetically small), but
I don't think people generally abuse them to that degree of detriment in
the real world. Again, if you had a *substitute*, that would be fine.
The problem is that I am not aware of any good portable PRNGs -- are you
(hence supporting the idea that C is not a portable language)? As for
non-portable ones, there are plenty (such as Mersenne Twister, or any of
the Marsaglia generators.) So as long as we are stuck with *something*
-- they still can serve a role as a quick and dirty PRNG. (The right
answer here is to demand that the standard change how it works --
however a quick perusal of their guiding principles, indicates there is
no mechanism by which you could reasonably do this.)
Why do you consider the MT non-portable? I took one implementation
and removed the portability problems, by and large, except that I
was not sure that it would function correctly when a long was
larger that 32 bits. So my source creates an error for that
situation, leaving it up to someone else to decipher.
You can find my modification of it within the hashlib package,
where it is used to control regression testing.
<http://cbfalconer.home .att.net/download/hashlib.zip>
--
Some informative links:
news:news.annou nce.newusers http://www.geocities.com/nnqweb/ http://www.catb.org/~esr/faqs/smart-questions.html http://www.caliburn.nl/topposting.html http://www.netmeister.org/news/learn2quote.html
Ben Pfaff wrote: qed <us********@azi llionmonkeys.co m> writes:
I would get rid of ungetc just on principle (can't unread at the
beginning of a file, may screw up fgetpos(), only does a single
character -- its just super lame, and throws a monkey wrench into
too many other functions.)
I am unaware of a limitation on calling ungetc() at the beginning
of a file. I scanned the definition of ungetc() in C99 and
didn't see such a limitation--did I miss something?
ungetc is absolutely essential to provide one char look ahead
operation. Without it it is impossible to properly connect
divergent parsing modules. The only case known to me where the one
char limitation creates a problem is in parsing floats with an
invalid exponential part.
--
Some informative links:
news:news.annou nce.newusers http://www.geocities.com/nnqweb/ http://www.catb.org/~esr/faqs/smart-questions.html http://www.caliburn.nl/topposting.html http://www.netmeister.org/news/learn2quote.html
Rod Pemberton <do*********@bi tfoad.cmm> wrote: 1) 15 C functions suffer buffer overflow problems:
gets() cuserid() scanf() fscanf() sscanf() vscanf() vsscanf() vfscanf()
sprintf() strcat() strcpy() streadd() strecpy() vsprintf() strtrns()
However, of those functions that are standard C functions, only one,
gets(), is *intrinsically* vulnerable to buffer overruns. Using the
other functions correctly is part of what separates a programmer from
a monkey banging on a keyboard.
If you really want to get crazy with C, do some of these:
1) eliminate pointers in main
Why not just eliminate pointers altogether? There's a language that
does that for you, it's called Java. Otherwise, eliminating pointers
in some arbitrary function (be it main() or anything else) only
deprives you of a tool C gives you to write good, effective code for
no good reason.
3) eliminate malloc, add dynamic allocation and garbage collection
Again, Java does this for you. Perhaps a different language is
desired?
4) change C to pass by reference
Why, so you can have special tricks for passing by value?
6) give up now, and try Walter Bright's D language...
Or Java :-)
--
Christopher Benson-Manica | I *should* know what I'm talking about - if I
ataru(at)cybers pace.org | don't, I need to know. Flames welcome.
Richard Heathfield <in*****@invali d.invalid> wrote: Okay, drop gets(), scanf(), and strncpy() - ironically, this is unsafe
chiefly because people think it's safe and so they feel free to use it in a
rather cavalier way!
Alternatively, strncpy() could just work in the way we expect :-) I
always have to resort to a reference to remind myself that strncpy is,
in fact, a bit of a charlatan.
--
Christopher Benson-Manica | I *should* know what I'm talking about - if I
ataru(at)cybers pace.org | don't, I need to know. Flames welcome.
Rod Pemberton wrote: I read a security oriented pdf (sorry, don't know where anymore) which said:
1) 15 C functions suffer buffer overflow problems:
gets() cuserid() scanf() fscanf() sscanf() vscanf() vsscanf() vfscanf()
sprintf() strcat() strcpy() streadd() strecpy() vsprintf() strtrns()
2) 8 C functions suffer from format string vulnerabilities
printf() fprintf() sprintf() snprintf() vprintf() vfprintf() vsprintf()
vsnprintf()
Summary of pdf: Because many C implementations use the same stack for
string data and flow control information (like addresses), the above
functions can modify the flow control information on the stack thereby
allowing authorized code to execute.
That's only one kind of catastrophic failure. Personally, I would be
more focused on the fact that the failures happen in the first place.
If you really want to get crazy with C, do some of these:
1) eliminate pointers in main
Huh? I probably need some elaboration here. Do you literally mean that
you shouldn't have local variables in main that are passed by reference
to other functions? Or ... what *do* you mean?
2) make pointers be associated with a variable before use, not with a data
type
Huh? You mean that building linked lists and similar data structures
should take an additional operation (first assign the new node malloc to
a variable) or do you mean that making such things should be impossible?
3) eliminate malloc, add dynamic allocation and garbage collection
Ok, but then you are no longer programming in C. C is a language that
allows you to understand the *performance* of your application very
clearly. Java is a language allows you to understand what it *does*
very clearly. The two languages are differentiated by this difference
in philosophy. Making C more like Java is just as easily achieved by
throwing it out and starting with Java.
However, I understand the motivation. Why not instead ask for *more*
from the C universe? There are many ways of *extending* the whole
malloc/etc paradigm to make it safer, *faster* and more powerful.
4) change C to pass by reference
Ok, no. Adding refs (the & thingy from C++) I agree with, because
passing pointers tends to more dangerous in general (more likely to pass
in NULL, or garbage/uninitialized pointers) for some cases. However to
be general, you must support *both* semantics, and C does this by
allowing you to pass a pointer in lieu of references. But don't take
away call by value from the language.
5) require separation of string (and other) data and flow control
information
You mean don't throw growable data types into non-growable arrays on a
stack? I agree. Bstrlib makes exactly this distinction (there is no
sane way to put a non-constant bstring on the stack). Perhaps only
allowing bounds protected enforced types into auto variables.
6) give up now, and try Walter Bright's D language...
Because "C++++" would have been too tacky. You could instead look at
languages like Python, Lua, and Java and ask yourself, what would it
take to design a language that was as easy to use as Python/Lua, and
safe and predictable as Java, with the speed of C?
--
Paul Hsieh http://www.pobox.com/~qed/ http://bstring.sf.net/ This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: Chris |
last post by:
Hello
Am really worried, so wondered if anyone could help.
My site outgrew itself recently so we've had to make changes to the url
structure.
I have some important url's like this: www.mysite.com/bluewidgets/, Yet now
with the expansion of the site and url structure change (had to be done) we
also have urls like: www.mysite.com/country1/bluewidgets/ which serves up
identical content to the above first url.
|
by: Mr. B |
last post by:
In my application which allows a user to open specific AutoCAD script files
(SCR extension), I want to intoduce a listing of the 10 most recently opened
files.
I know of at least two ways that I could do this:
1) Have a text file that contains the information
2) Write the info to the Registry
The first is my easiest as I am familiar with TXT type files. I've never used
(and have no idea how to use) a XML type file (let alone the...
|
by: David Callaghan |
last post by:
Hi
I've just joined tesco broadband.
I've come from NTL.
If I don't put an index.htm on my NTL home page it justs lists the
files in there when any browser visites my page.
If I don't put an index.htm on my Tesco home page, I get a:
|
by: kristopher |
last post by:
Websites of various subjects ranging from computing to entertainment.
TrafficRanking.com says that allsitecafe.com is one of the most VISITED internet sites on the web today! There are over 1,700+ sites linked to allsitecafe.com, and every site has been visited by a human being before inclusion into the allsitecafe.com database of links. You won’t find many dead links at allsitecafe.com – the database is faithfully updated every 4-6 months...
|
by: cj |
last post by:
Hi,
I'm able to get the listing of (or "Index of") a directory on a
website/webserver using HttpWebRequest and HttpWebResponse, but it comes
back as an HTML page, similar to what IE or Mozilla/Firefox/Netscape would
show.
Is there anyway to get the listing in some other form, or do I just have to
parse the info myself?
| | |
by: JohnR |
last post by:
Couldn't find it in MSDN. Does anybody have a listing of the message
constants that would be received in my application.addmessagefilter routine
in VB.net? They are referred to all over MSDN but I can't locate the actual
listing of the constants and their values.
Thanks, John
|
by: Light |
last post by:
Re,
I'm having 2 problems with the Telerik trial controls. I'm using the
latest release. I'm using 2005 studio and most of the controls show up
properly in the designer but the RadMenu does not. It says "Error
Creating Control" and then a ton of errors. This occurs both when I
use it and in the examples but it does render properly when built.
If I drag/drop the control then it shows up properly but when I apply a
theme and then...
|
by: Juuso Hukkanen |
last post by:
I need a list of multithreading unsafe C (C99) functions/features.
comp.programming.threads provided an initial list of C:ish functions,
with following ANSI C functions:
asctime, gmtime, localtime, ctime, tmpnam, strtok
http://www.lambdacs.com/cpt/FAQ.html#Q150
However, extra Googling hinted rand() and srand(), also being
unsuitable for multi-threading - opinions? And what is the status of
|
by: TahoeKid |
last post by:
I need to modify and assemble the assembler listing files generated
from the VS 2005 IDE.
A test generated listing file did not assmeble 'as is'.
Has anyone tried this? It seems to me the listing file should
assemble.
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
| | |
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
| | |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |
