
Re: [Groff] Re: PSPIC error - "missing argument"


From: Colin Watson
Subject: Re: [Groff] Re: PSPIC error - "missing argument"
Date: Sun, 16 Jun 2002 21:36:07 +0100
User-agent: Mutt/1.3.28i

On Sun, Jun 16, 2002 at 10:21:42PM +0200, Bernd Warken wrote:
> On Sun, Jun 16, 2002 at 08:04:06PM +0100, Colin Watson wrote:
> > On Sun, Jun 16, 2002 at 12:15:27PM +0100, Ralph Corderoy wrote:
> > > That's a shame.  Perhaps next time you make claims such as `groff is
> > > full of subtle bugs' and `it is absolutely insecure (buffer-overflows)'
> > > you do us the courtesy of backing them up with some facts.  Otherwise,
> > > you get a reputation for making unfounded, sensationalist, claims.
> > 
> > I must say that that sort of claim is rather concerning for those who
> > ship groff in an environment where it's sometimes called by setuid
> > programs (lpd is an example, IIRC). Am I going to have to backport a lot
> > of patches from CVS to 1.18 once Bernd makes his concerns public?
> 
> Are you intelligent men or lunatic chickens?  The following assumes
> that everyone in the mailing list is able to use her brain, can read,
> and is not driven by unconscious fears.  (Otherwise, running `M-x doctor' 
> in Emacs might be of help :-)

It's one thing to be overly paranoid for oneself and another to be
considering in advance the security updates I may have to make for
users. "Absolutely insecure" means something quite different (and much
more serious) to me than the "minor" bugs you proceed to describe below.

Thank you for the clarifications.

> This HOWTO was validated by industrial programmers in Germany - it was
> even enforced by them in a discussion in the press.  So it contains
> wisdom; but I am sure that most of you will laugh at it because it
> tackles the classical programming style.  You will have to change your
> way of thinking - or be eaten by hackers.

The Secure-Programs-HOWTO has always seemed sensible to me.

> Some insecure C features:
> - malloc() and friends are insecure.
> - printf()/scanf() and friends are insecure.
> - '\0'-terminated strings are insecure.
> - using `int' for everything is insecure.
> etc.

I would add "if used improperly" to all of those, although of course
it's difficult to ensure this throughout a large body of code. It is
true that they have less protection against programmer error than
corresponding constructs in other languages.

-- 
Colin Watson                                  address@hidden
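
Added example, not part of the original message or of groff: one way the constructs listed above can be used with the checks that "if used improperly" implies. The helper names (alloc_array, copy_string, format_label) and the sample strings are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper names. Sizes are size_t, never int, so a length
 * cannot go negative or be silently narrowed. */

/* malloc(): refuse a count * size product that would wrap around. */
void *alloc_array(size_t count, size_t size)
{
    if (size != 0 && count > SIZE_MAX / size)
        return NULL;
    return malloc(count * size);
}

/* '\0'-terminated strings: the caller passes the destination size and a
 * source that does not fit is rejected. Returns 0, or -1 with dst empty. */
int copy_string(char *dst, size_t dst_size, const char *src)
{
    size_t len = strlen(src);
    if (dst_size == 0)
        return -1;
    if (len >= dst_size) {
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, len + 1);   /* len + 1 copies the terminator */
    return 0;
}

/* printf() family: constant format, untrusted text only as an argument,
 * bounded output. Returns the length, or -1 on error or truncation. */
int format_label(char *dst, size_t dst_size, const char *untrusted)
{
    int n = snprintf(dst, dst_size, "file: %s", untrusted);
    if (n < 0 || (size_t)n >= dst_size)
        return -1;
    return n;
}

int main(void)
{
    char buf[16];
    int copied = copy_string(buf, sizeof buf, "groff");
    int label = format_label(buf, sizeof buf, "%n%s"); /* stays literal */
    printf("%d %d\n", copied, label);
    return 0;
}
```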
