
A very interesting book

Buffer overflows are a fact of life, and, more specifically, a fact of
C.

All is not lost however. In the book

"Value Range Analysis of C programs" Axel Simon tries to establish a
theoretical framework for analyzing C programs. In contrast to other
books where the actual technical difficulties are "abstracted away",
this book tries to analyze real C programs, taking into account
pointers, stack frames, etc.

It arrived just today; I had been waiting for it for several weeks.

http://www.di.ens.fr/~simona/book.html
--
jacob navia
jacob at jacob point remcomp point fr
logiciels/informatique
http://www.cs.virginia.edu/~lcc-win32
Jul 22 '08
"Bart van Ingen Schenau" <Ba********************@ict.nl> wrote in message
news:57**************************@x41g2000hsb.googlegroups.com...
On 23 jul, 03:37, "Dann Corbit" <dcor...@connx.com> wrote:
>"Richard Heathfield" <r...@see.sig.invalid> wrote in message
I haven't claimed that no buffer is involved. I've claimed that the C
program as shown doesn't use a buffer. It doesn't. What the implementation
does in translation is of no concern as long as it faithfully interprets
the program's semantics. If it chooses to add a buffer, so be it - but the
C program does *not* use one.

The point discussed was in connection with vulnerabilities in connection
with the C programming language.
If a C program calls library functions, uses inline assembly or whatever
and performs buffer movements then that is salient to the discussion of
vulnerabilities and buffer overflow.
Whether or not it was the end-user of the compiler or the compiler vendor
who broke something is irrelevant to the discussion.

By that reasoning, buffer overflows are a problem for every single
computer language in existence.
Even for the safest of safe languages, you can not possibly rule out
that a (flawed) translator introduces a buffer overflow in the
program.

So, why do people complain all the time about the possibility of
buffer overflows in C, but not in other languages?
Because nobody brought it up. Besides which, it would not be topical in
news:comp.lang.c

I don't particularly care if buffer overflows are a problem in {e.g.} Snobol
because I don't use it.

C is not more dangerous than (for instance) C++ in this regard. But it is
more dangerous than (for instance) Ada. I would further argue that an Ada
compiler compiled with C is probably not as safe as an Ada compiler compiled
with Ada and that a C compiler compiled with Ada would probably be safer
than a C compiler compiled with C.

Unbounded arrays and trusting in nul termination of strings are reasons for
my above opinion. I'm not even sure that I want to fix it, if it will make
things a lot slower. But I do want to think about it.

Jul 23 '08 #21
Ron Ford wrote:
On Tue, 22 Jul 2008 20:53:12 +0200, jacob navia posted:
>Buffer overflows are a fact of life, and, more specifically, a fact of
C.

All is not lost however. In the book

"Value Range Analysis of C programs" Axel Simon tries to establish a
theoretical framework for analyzing C programs. In contrast to other
books where the actual technical difficulties are "abstracted away",
this book tries to analyze real C programs, taking into account
pointers, stack frames, etc.

It arrived just today; I had been waiting for it for several weeks.

http://www.di.ens.fr/~simona/book.html

%- Anyone interested in source code analysis. The formal yet concise
%- definition of an analysis of a real-world programming language can
%- help to define a similar description for the purpose of slicing,
%- taint analysis, calculating metrics and many other application areas.

I'm somewhat of a non-believer here. There is no calculus to decide.
Well, mathematics doesn't need beliefs. You should read that book first.
Isn't 'taint' the scientific name for "perineum?"
When a variable has some property, for instance of being allocated with
malloc, this property goes on to other variables when they are assigned
the allocated variable, i.e. they are "tainted" by the right hand side.

The analysis and tracking of those properties is "tainted" analysis.
--
jacob navia
jacob at jacob point remcomp point fr
logiciels/informatique
http://www.cs.virginia.edu/~lcc-win32
Jul 23 '08 #22
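The propagation rule jacob describes (a property introduced by malloc flows along assignments and is lost when the variable is overwritten by something else) as a small forward dataflow pass. This is an added illustration, not code from the book or the post; the mini-language, the statement kinds and the sample program are constructed for it.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Toy forward "taint" analysis for the property "holds a pointer obtained
   from malloc". Variables are single letters 'a'..'z'; the program is a
   constructed straight-line sequence, so one pass reaches the fixed point. */
enum kind { ST_MALLOC, ST_ASSIGN, ST_ADDR_OF_LOCAL, ST_FREE };
struct stmt { enum kind k; char dst; char src; };

#define NVARS 26
static bool heap[NVARS];                        /* heap[v]: v is known heap-allocated */
static int idx(char v) { return v - 'a'; }
bool is_heap(char v) { return heap[idx(v)]; }   /* query the result after analyze() */

/* Appends one line per finding to `report` and returns the number of
   free() calls whose argument is not known to be heap memory. */
int analyze(const struct stmt *prog, int n, char *report, size_t cap)
{
    int findings = 0;
    memset(heap, 0, sizeof heap);
    report[0] = '\0';
    for (int i = 0; i < n; i++) {
        const struct stmt *s = &prog[i];
        switch (s->k) {
        case ST_MALLOC:                 /* dst = malloc(..): property is generated */
            heap[idx(s->dst)] = true;
            break;
        case ST_ASSIGN:                 /* dst = src: property flows right to left */
            heap[idx(s->dst)] = heap[idx(s->src)];
            break;
        case ST_ADDR_OF_LOCAL:          /* dst = &local: property is killed */
            heap[idx(s->dst)] = false;
            break;
        case ST_FREE:                   /* free(dst): sink that requires the property */
            if (!heap[idx(s->dst)]) {
                char line[64];
                findings++;
                snprintf(line, sizeof line, "stmt %d: free(%c) of non-heap pointer\n", i, s->dst);
                strncat(report, line, cap - strlen(report) - 1);
            }
            break;
        }
    }
    return findings;
}

/* Constructed sample: p and q are heap, r points at a local, p is then
   overwritten with r, so free(q) is fine and free(p) is a finding. */
static const struct stmt sample[] = {
    { ST_MALLOC, 'p', 0 },         /* p = malloc(n); */
    { ST_ASSIGN, 'q', 'p' },       /* q = p;         */
    { ST_ADDR_OF_LOCAL, 'r', 0 },  /* r = &buf;      */
    { ST_ASSIGN, 'p', 'r' },       /* p = r;         */
    { ST_FREE, 'q', 0 },           /* free(q);       */
    { ST_FREE, 'p', 0 },           /* free(p);       */
};

int run_sample(char *report, size_t cap)
{
    return analyze(sample, (int)(sizeof sample / sizeof sample[0]), report, cap);
}

int main(void) { char rep[256]; int n = run_sample(rep, sizeof rep); fputs(rep, stdout); return n; }
```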
Richard Heathfield <rj*@see.sig.invalid> writes:
If you don't want buffer overflows, hire some good programmers. One way you
can tell they're good is that they hold regular code reviews in which they
point out faults in each others' code.
It has turned out that in all kinds of products,
buffer overflows have occurred and do occur. In languages based on C you can
be king of all programmers, but these errors can get even those. And
unfortunately this kind of bug can lurk around for ages and go
undiscovered. Unfortunately this really is one of the weaknesses in C
based languages, with the attitude "the programmer knows"....

Having good programmers surely will help but it does not mean that
those bugs cannot appear in their code also

Regards
Friedrich
--
Please remove just-for-news- to reply via e-mail.
Jul 23 '08 #23
Dann Corbit wrote:
"Walter Roberson" <ro******@ibd.nrc-cnrc.gc.ca> wrote in message
news:g6**********@canopus.cc.umanitoba.ca...
>In article <g6**********@aioe.org>, jacob navia <ja***@nospam.org>
wrote:
>>Buffer overflows are a fact of life, and, more specifically, a fact of
C.
>The existence of a single counter-example is enough to disprove your
claim that buffer overflows are "a fact of C".

I think we have to admit that buffer overflows are a *problem* of C. I
guess that a C dialect could be produced where every single library
function was formally proven. In such a system, buffer overflows would
only occur when the compiler end-user created one.
Are buffer overflows a problem of *C* or of the implementation of *C*?

I see only one problem in the C standard that limits the capabilities
of a compiler (+ run time environment) to check overflows.
I think a C compiler with range checks will still be
faster than other languages "without overflows".

So the only problem I see is the dynamic memory.
IMHO C misses functions like:
void * type_alloc(size_t s, type_t type);

type is implicitly or explicitly converted to a
TYPE_UNK value (and information not used, like malloc),
or implementation defined value if an implementation
cares about runtime types.

I think with this additional information, an implementation
could be overflow safe and still conforming.
Or do you see other problems in C?

ciao
cate
Jul 23 '08 #24
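A sketch of what a run time could do with the extra information cate's proposed type_alloc() would carry: the allocator records the element size and count in a hidden header, and checked accessors refuse indexes and copies that would run past the block. This is an added example, not part of any C implementation; the header layout, the function names (type_alloc, type_at, type_copy_in, type_count, type_free) and the choice to represent the "type" argument by its element size are all assumptions made here.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical header the allocator keeps in front of every block.
   Aligned to max_align_t so the caller's block is suitably aligned. */
struct hdr { _Alignas(max_align_t) size_t elem_size; size_t count; };

/* type_alloc(count, elem_size): the "type" is represented by its size,
   which is all a bounds check needs. */
void *type_alloc(size_t count, size_t elem_size)
{
    if (elem_size == 0 || count > SIZE_MAX / elem_size)   /* size arithmetic would wrap */
        return NULL;
    struct hdr *h = malloc(sizeof *h + count * elem_size);
    if (h == NULL) return NULL;
    h->elem_size = elem_size;
    h->count = count;
    return h + 1;                    /* caller's block starts right after the header */
}

static struct hdr *hdr_of(void *p) { return (struct hdr *)p - 1; }
size_t type_count(void *p) { return hdr_of(p)->count; }

/* Checked indexing: NULL instead of a pointer past the end of the block. */
void *type_at(void *p, size_t index)
{
    struct hdr *h = hdr_of(p);
    return index < h->count ? (char *)p + index * h->elem_size : NULL;
}

/* Checked bulk write: refuses the copy a plain memcpy() would let overflow. */
bool type_copy_in(void *p, const void *src, size_t nbytes)
{
    struct hdr *h = hdr_of(p);
    if (nbytes > h->count * h->elem_size) return false;
    memcpy(p, src, nbytes);
    return true;
}

void type_free(void *p) { if (p != NULL) free(hdr_of(p)); }

/* Small driver on constructed input: returns 0 when every check behaved as expected. */
int demo(void)
{
    int src[5] = { 1, 2, 3, 4, 5 };            /* one element more than the block holds */
    int *a = type_alloc(4, sizeof *a);
    if (a == NULL) return 1;
    int rc = 0;
    if (type_copy_in(a, src, sizeof src)) rc |= 2;        /* 20 bytes into 16: rejected */
    if (!type_copy_in(a, src, 4 * sizeof *a)) rc |= 4;    /* exact fit: accepted */
    if (type_at(a, 4) != NULL) rc |= 8;                   /* one past the end: rejected */
    if (*(int *)type_at(a, 3) != 4) rc |= 16;             /* last valid element */
    type_free(a);
    return rc;
}
```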
Bart van Ingen Schenau <Ba********************@ict.nl> writes:
>
So, why do people complain all the time about the possibility of
buffer overflows in C, but not in other languages?
Because that kind of error plagues C programs mostly?

Regards
Friedrich

--
Please remove just-for-news- to reply via e-mail.
Jul 23 '08 #25
Richard Heathfield wrote:
[Not sure what this is doing in csc - followups set to clc]

Thad Smith said:

<snip>
>Sloppy wording breeds meaningless assertions.

A "buffer overflow in C" is not even a proposition, let alone a fact. A
modulo operator is also not a "fact" of C or anything else.

Let's add precision with some propositions:
1. Buffer overflows occur when some programs written in C are run.
2. Buffer overflows occur when all programs written in C are run.
3. Buffer overflows can occur when running most programs written in C
under some conditions of invocation and inputs.

And then let's add:

4. Buffer overflows can sometimes occur when running some carelessly
written programs under some conditions of invocation and inputs,
This idiotic attitude is typical of the people here.

There is nothing wrong, buffer overflows aren't a problem, it is the
fault of the lazy programmers that aren't as clever as they should be.

Typical too is the lack of any software engineering argumentation, and
the desire to always stay in the three main discussions subject of this
group

1: void main(void) is not correct
2: i=i++ + ++i; is not correct
3: Doing lazy student's homework.

Anything that goes beyond that is off topic, for instance a book about
formal analysis of C programs obviously. There is NO NEED for formal
analysis when there are no buffer overflows, all contrary evidence
notwithstanding.

Implicit in this attitude is the attitude of their guru heathfield,
when he just dismisses the problem as above:

"carelessly written programs"... like his book (C unleashed) where
he assumes that sizeof(int) equals sizeof(void *) and gets a buffer
overflow. That he realized his error LATER and put the solution in
the ERRATA should be a reminder to him that not only "carelessly written
programs" happen to contain buffer overflows but that the ease with
which you can make those errors in C is a PROBLEM for C!

But no.
where
these programs are written in any of a variety of languages (certainly
including C, but also including C++ for a start) that are sufficiently
powerful to be capable of being dangerously misused by amateurs.
Yes sure. Those amateurs include heathfield obviously!

If you don't want buffer overflows, hire some good programmers.
Mr heathfield should follow his own advice. When writing a book,
try to hire a good programmer to write the examples.
One way you
can tell they're good is that they hold regular code reviews in which they
point out faults in each others' code.
This did not work in C unleashed.

This did not work in all the buffer overflows we were having in the last
years. And it is extremely expensive.

This attitude is leading to the conclusion for most sensible people that
they should avoid C (and C++) at all costs. Hence languages like Java
and C# appear, where this problem of the C buffer overflow should be
avoided by design.

--
jacob navia
jacob at jacob point remcomp point fr
logiciels/informatique
http://www.cs.virginia.edu/~lcc-win32
Jul 23 '08 #26
On 23 jul, 09:17, "Dann Corbit" <dcor...@connx.com> wrote:
>
C is not more dangerous than (for instance) C++ in this regard. But it is
more dangerous than (for instance) Ada. I would further argue that an Ada
compiler compiled with C is probably not as safe as an Ada compiler compiled
with Ada and that a C compiler compiled with Ada would probably be safer
than a C compiler compiled with C.
I don't follow you there.
How does the language used to implement a compiler affect the safety
of the code generated *by* that compiler?

I see absolutely no difficulty in writing a compiler in a 'safe'
language with full bounds checking that generates a buffer overflow in
every program compiled with it.
>
Unbounded arrays and trusting in nul termination of strings are reasons for
my above opinion. I'm not even sure that I want to fix it, if it will make
things a lot slower. But I do want to think about it.
I agree that C lacks every kind of safety net.
But I don't blame the language if I have taken every possible
precaution in my source code and the compiler still manages to screw
up. Those things, I blame on the compiler regardless of which language
I am using.

Bart v Ingen Schenau
Jul 23 '08 #27
[followups set to comp.lang.c]

jacob navia said:
Ron Ford wrote:
<snip>
>>
I'm somewhat of a non-believer here. There is no calculus to decide.

Well, mathematics doesn't need beliefs.
It needs a few. They are called axioms.

--
Richard Heathfield <http://www.cpax.org.uk >
Email: -http://www. +rjh@
Google users: <http://www.cpax.org.uk/prg/writings/googly.php>
"Usenet is a strange place" - dmr 29 July 1999
Jul 23 '08 #28
Friedrich said:
Richard Heathfield <rj*@see.sig.invalid> writes:
>If you don't want buffer overflows, hire some good programmers. One way
you can tell they're good is that they hold regular code reviews in
which they point out faults in each others' code.

It has turned out that in all kinds of products,
buffer overflows have occurred and do occur.
Yes. In fact, it turns out that in ALL walks of life, people - even bright
people - screw up, and the impact of those screw-ups can be serious. Short
of mass suicide, there is no real solution to this problem. If you take
away the potential to cause damage, you generally do so at the expense of
liberty and power. Design a language in which buffer overflows are
impossible, and you'll find at least two consequences: (a) some ideas
become more cumbersome and inefficient to express in the new language, and
(b) some other devilish weakness will manifest itself, causing people to
rail against /that/ language, too. What a colossal waste of time!
In languages based on C you can
be king of all programmers, but these errors can get even those. And
unfortunately this kind of bug can lurk around for ages and go
undiscovered. Unfortunately this really is one of the weaknesses in C
based languages, with the attitude "the programmer knows"....
If the programmer *doesn't* know, then the best thing to do is to keep the
programmer well away from the computer.
>
Having good programmers surely will help but it does not mean that
those bugs cannot appear in their code also
No, of course it doesn't - but skilled code review teams can go a long way
towards eliminating these and other bugs.

--
Richard Heathfield <http://www.cpax.org.uk >
Email: -http://www. +rjh@
Google users: <http://www.cpax.org.uk/prg/writings/googly.php>
"Usenet is a strange place" - dmr 29 July 1999
Jul 23 '08 #29
[followups set to comp.lang.c]

Giacomo Catenazzi said:

<snip>
Are buffer overflows a problem of *C* or of the implementation of *C*?
No, they're a problem of C programmers.
I see only one problem on C standard, that limits the capabilities
of a compiler (+ run time environment) to check overflows.
Mandating it would be such a bad idea. Implementations are already free to
do bounds checking if they wish. Let the market decide. Programmers will
generally make the smart move if they're given the time to think about it.
Trust them to decide for themselves.

<snip>

--
Richard Heathfield <http://www.cpax.org.uk >
Email: -http://www. +rjh@
Google users: <http://www.cpax.org.uk/prg/writings/googly.php>
"Usenet is a strange place" - dmr 29 July 1999
Jul 23 '08 #30