From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=-0.8 required=5.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE autolearn=ham autolearn_force=no version=3.4.2 Received: from minnie.tuhs.org (minnie.tuhs.org [45.79.103.53]) by inbox.vuxu.org (OpenSMTPD) with ESMTP id 759a0bdd for ; Tue, 12 Nov 2019 22:11:17 +0000 (UTC) Received: by minnie.tuhs.org (Postfix, from userid 112) id D7FBE9C137; Wed, 13 Nov 2019 08:11:15 +1000 (AEST) Received: from minnie.tuhs.org (localhost [127.0.0.1]) by minnie.tuhs.org (Postfix) with ESMTP id BF9D39BB5B; Wed, 13 Nov 2019 08:10:56 +1000 (AEST) Received: by minnie.tuhs.org (Postfix, from userid 112) id 6A0129BB5B; Wed, 13 Nov 2019 08:10:54 +1000 (AEST) Received: from mail.bitblocks.com (ns1.bitblocks.com [173.228.5.8]) by minnie.tuhs.org (Postfix) with ESMTP id 24F8B9BB16 for ; Wed, 13 Nov 2019 08:10:54 +1000 (AEST) Received: from bitblocks.com (localhost [127.0.0.1]) by mail.bitblocks.com (Postfix) with ESMTP id C2009156E80B for ; Tue, 12 Nov 2019 14:10:46 -0800 (PST) To: tuhs@tuhs.org In-reply-to: Your message of "Tue, 12 Nov 2019 15:56:15 -0500." <1573592179.5935.for-standards-violators@oclsc.org> References: <1573592179.5935.for-standards-violators@oclsc.org> Comments: In-reply-to Norman Wilson message dated "Tue, 12 Nov 2019 15:56:15 -0500." From: Bakul Shah MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-ID: <67515.1573596646.1@bitblocks.com> Date: Tue, 12 Nov 2019 14:10:46 -0800 Message-Id: <20191112221053.C2009156E80B@mail.bitblocks.com> Subject: [TUHS] buffer overflow (Re: Happy birthday Morris worm X-BeenThere: tuhs@minnie.tuhs.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: The Unix Heritage Society mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: tuhs-bounces@minnie.tuhs.org Sender: "TUHS" On Tue, 12 Nov 2019 15:56:15 -0500 Norman Wilson wrote: > > My longer-term reaction was to completely drop my sloppy > old habit (common in those days not just in my code but in > that of many others) of ignoring possible buffer overflows. > I find it mind-boggling that people still make that mistake; > it has been literal decades since the lesson was rubbed in > our community's collective noses. I am very disappointed > that programming education seems not to care enough about > this sort of thing, even today. Unfortunately strcpy & other buffer overflow friendly functions are still present in the C standard (I am looking at n2434.pdf, draft of Sept 25, 2019). Is C really not fixable?