Re: Thanks! Re: good anti-virus software to use?
On Tue, 2006-04-25 at 17:38 -0400, Roberto C. Sanchez wrote:
> Monique Y. Mudama wrote:
> > On 2006-04-25, Ron Johnson penned:
> >
> >>On Tue, 2006-04-25 at 13:34 -0600, Monique Y. Mudama wrote:
> >>
> >>>Sure, but I could write a program in COBOL and still load passwords
> >>>from a plain text file stored with wide-open permissions, just for
> >>>example.
> >>
> >>That's willfully stupid programming.
> >
> >
> > People do stuff like that all the time. As I said, you can write an
> > insecure program in any language.
> >
>
> I think you are twisting Ron's point. His original point was that some
> languages (like C/C++) make it possible to have hard to detect subtle
> faults that become security problems. Other languages (like COBOL) do
> away with those subtle issues. Essentially, you have to try and be
> determined to write something insecure. I think his discussion focused
> on strings, but it probably extends to other things as well.
Correct. Strings, their generalized older brother arrays, and their
cousin, malloc().
For example, pass an overly-long string into a C program, and you
can smash the stack.
Pass that same string into a COBOL program and it gets truncated
at the compile-time field length.
--
-----------------------------------------------------------------
Ron Johnson, Jr.
Jefferson, LA USA
"The Socialist who finds his children playing with soldiers is
usually upset, but he is never able to think of a substitute for
the tin soldiers; tin pacifists somehow won't do."
George Orwell, 1940, reviewing /Mein Kampf/
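
The contrast drawn in the message above, as an added C example that is not part of the original post: `unsafe_store` is the unbounded copy that can overrun a stack buffer, `cobol_move` emulates a COBOL alphanumeric MOVE into a fixed-width field (truncate on the right, pad with spaces), and `bounded_store` is the equivalent length-checked C copy. All function names, the 8-byte field width and the input string are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 8   /* constructed field width, like a COBOL PIC X(8) */

/* The unsafe pattern: strcpy() writes strlen(src)+1 bytes no matter how
 * small dst is. Shown for contrast only; it is never called here. */
void unsafe_store(char *dst, const char *src) {
    strcpy(dst, src);
}

/* Emulates COBOL "MOVE src TO field" for an alphanumeric field of fixed
 * width: left-justified, truncated on the right, space-padded, no NUL.
 * Returns how many source bytes were dropped. */
size_t cobol_move(char *field, size_t width, const char *src) {
    size_t n = strlen(src);
    size_t keep = n < width ? n : width;
    memcpy(field, src, keep);
    memset(field + keep, ' ', width - keep);
    return n - keep;
}

/* Length-checked C-string copy: never writes past dstsz, always
 * NUL-terminates, returns 1 if src had to be truncated. */
int bounded_store(char *dst, size_t dstsz, const char *src) {
    if (dstsz == 0) return 1;
    size_t n = strlen(src);
    size_t keep = n < dstsz - 1 ? n : dstsz - 1;
    memcpy(dst, src, keep);
    dst[keep] = '\0';
    return n > keep;
}

int main(void) {
    char field[NAME_LEN];          /* fixed-width field, not a C string */
    char buf[NAME_LEN + 1];        /* C string with room for the NUL */
    const char *input = "AAAAAAAAAAAAAAAAAAAAAAAA"; /* constructed, 24 bytes */

    size_t lost = cobol_move(field, sizeof field, input);
    printf("field=[%.*s] dropped=%zu\n", NAME_LEN, field, lost);

    int cut = bounded_store(buf, sizeof buf, input);
    printf("buf=[%s] truncated=%d\n", buf, cut);
    return 0;
}
```

Both safe variants silently lose data unless the caller checks the return value, so truncation removes the memory-corruption risk but not the need to validate input length.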