
Re: Thanks! Re: good anti-virus software to use?



On Tue, 2006-04-25 at 17:38 -0400, Roberto C. Sanchez wrote:
> Monique Y. Mudama wrote:
> > On 2006-04-25, Ron Johnson penned:
> > 
> >>On Tue, 2006-04-25 at 13:34 -0600, Monique Y. Mudama wrote:
> >>
> >>>Sure, but I could write a program in COBOL and still load passwords
> >>>from a plain text file stored with wide-open permissions, just for
> >>>example.
> >>
> >>That's willfully stupid programming.
> > 
> > 
> > People do stuff like that all the time.  As I said, you can write an
> > insecure program in any language.
> > 
> 
> I think you are twisting Ron's point.  His original point was that some
> languages (like C/C++) make it possible to have hard to detect subtle
> faults that become security problems.  Other languages (like COBOL) do
> away with those subtle issues.  Essentially, you have to try and be
> determined to write something insecure.  I think his discussion focused
> on strings, but it probably extends to other things as well.

Correct.  Strings, their generalized older brother arrays, and their
cousin, malloc().

For example, pass an overly-long string into a C program, and you
can smash the stack.

Pass that same string into a COBOL program and it gets truncated
at the compile-time field length. 

-- 
-----------------------------------------------------------------
Ron Johnson, Jr.
Jefferson, LA USA

"The Socialist who finds his children playing with soldiers is
usually upset, but he is never able to think of a substitute for
the tin soldiers; tin pacifists somehow won't do."
George Orwell, 1940, reviewing /Mein Kampf/
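
The contrast drawn in the message above, as an added example that is not part of the original post: an unbounded C copy next to a fixed-length field move that truncates on the right and pads with spaces, the way a COBOL alphanumeric MOVE into a PIC X(n) field behaves. The names NAME_LEN, unsafe_copy, field_move and move_into_record, and the sample inputs, are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 8  /* plays the role of a COBOL field: 05 NAME PIC X(8). */

/* The C pattern from the post: the length comes from the input, not the
   destination, so a src longer than the buffer is written past its end.
   Shown for contrast only; nothing below calls it. */
void unsafe_copy(char *dst, const char *src)
{
    strcpy(dst, src);
}

/* Fixed-length field move: never writes more than field_len bytes.
   Longer input is truncated on the right, shorter input is space-padded.
   The field is not NUL-terminated, just like a COBOL field. */
void field_move(char *dst, size_t field_len, const char *src)
{
    size_t n = strlen(src);
    if (n > field_len)
        n = field_len;
    memcpy(dst, src, n);
    memset(dst + n, ' ', field_len - n);
}

/* Moves input into a record whose name field is followed by guard bytes.
   Copies the field to out as a C string; returns 1 if the guard bytes
   after the field are untouched, 0 if they were overwritten. */
int move_into_record(const char *input, char out[NAME_LEN + 1])
{
    struct { char name[NAME_LEN]; unsigned char guard[4]; } rec;
    size_t i;

    memset(rec.guard, 0x5A, sizeof rec.guard);
    field_move(rec.name, sizeof rec.name, input);
    memcpy(out, rec.name, NAME_LEN);
    out[NAME_LEN] = '\0';
    for (i = 0; i < sizeof rec.guard; i++)
        if (rec.guard[i] != 0x5A)
            return 0;
    return 1;
}

int main(void)
{
    char out[NAME_LEN + 1];
    int ok = move_into_record("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", out);
    printf("long input  -> [%s] guard intact: %d\n", out, ok);
    ok = move_into_record("AB", out);
    printf("short input -> [%s] guard intact: %d\n", out, ok);
    return 0;
}
```

The truncation keeps adjacent memory intact, but it is silent: code that must reject over-long input still has to compare the input length with the field length itself.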


