Reply With Quoteat first zlib and now awk .. I hope the overflows will end now .. :-/
There has been some buzz on vuln-dev over a possible buffer overflow in the current and past releases of awk. You can get some information on it from http://www.gnulinux.net or vuln-dev mailing list archives.
at first zlib and now awk .. I hope the overflows will end now .. :-/
Actually it's a good thing that they have been found. Usually when something like this is found it means that there has allready been people exploiting it for some time. Luckily, OSS allows white hats to find the bugs just as fast as black hats allowing for quick disclousre and patching.at first zlib and now awk .. I hope the overflows will end now .. :-/
yep thats the good side of OSS, but the best thing is if there were no such bugs, but thats not really possible I think.
Yeah, to make bugless software you mus be perfect. No one is perfect, and so no code is perfect ... though Bill might tell ya diffrent.
Why do you think I sawy that user applications should be coded in more secure languages? *I say that from now on, we all write in Ada! I mean, seriously, why bother writing something in C, just to see it mentionned on bugtraq? I mean, come on people, stop thinking that the only way to program is with either C or C++ and start learning languages with safer mecanisms.at first zlib and now awk .. I hope the overflows will end now .. *:-/
imho there are more advantages if you code it in C its some kind of standard, easy to read ... sure sometimes you will get exploits but i dont think that it is possible to make no errors in programming or to prevent exploits and overflows ..
I dont know Ada, can you show me some example syntax ..
I've heard it a lot of time, but I simply don't buy it anymore. *I mean, even the OpenBSD group who keep auditing the source code of the entire OS find bugs all the time, and they are computer security experts, so give me a break that it's possible to make no errors.imho there are more advantages if you code it in C its some kind of standard, easy to read ... sure sometimes you will get exploits but i dont think that it is possible to make no errors in programming or to prevent exploits and overflows ..
I dont know Ada, can you show me some example syntax ..
Very verbose and very secure.Code:with Ada.Text_IO; use Ada.Text_IO; procedure helloworld is begin *Put_Line ("Hello World"); end helloworld;
yep .. very verbose and looks secure to me, but people make errors, i dont think that you could write such a large os like linux or just the kernel without making errors, it is even harder to archive if there are over 300 people working on it, everyone has a different coding style and errors just happen ..
So what if you can't write an OS with it? We're talking about awk, and awk is a utility. C isn't bad at all for system programming (I mean, what kind of a choice is this: C, Assembly or Forth...). But for user applications, it's not the best language. It was not designed with that purpose in mind. Dennis Ritchie wrote it so that he and Ken Thompson could rewrite Unix. That's why I say that when it comes to user applications, higher level programming languages (Python, Ada, Perl, etc) are better suited.
Quoth the FoBoT: Use the right too for the right job.
And many people seem to agree with that saying, but not many seem to apply it.
Posting Permissions
Bookmarks