Date: Tue, 12 Nov 2019 14:14:18 -0800
From: Larry McVoy
To: Bakul Shah
Cc: tuhs@tuhs.org
Subject: Re: [TUHS] buffer overflow (Re: Happy birthday Morris worm
Message-ID: <20191112221418.GJ16268@mcvoy.com>
In-Reply-To: <20191112221053.C2009156E80B@mail.bitblocks.com>
List-Id: The Unix Heritage Society mailing list

On Tue, Nov 12, 2019 at 02:10:46PM -0800, Bakul Shah wrote:
> On Tue, 12 Nov 2019 15:56:15 -0500 Norman Wilson wrote:
> >
> > My longer-term reaction was to completely drop my sloppy
> > old habit (common in those days not just in my code but in
> > that of many others) of ignoring possible buffer overflows.
> > I find it mind-boggling that people still make that mistake;
> > it has been literal decades since the lesson was rubbed in
> > our community's collective noses. I am very disappointed
> > that programming education seems not to care enough about
> > this sort of thing, even today.
>
> Unfortunately strcpy & other buffer overflow friendly
> functions are still present in the C standard (I am looking at
> n2434.pdf, draft of Sept 25, 2019). Is C really not fixable?

Someone needs to do Strcpy() etc that have the length in the first
bytes[s] of the string.
--
---
Larry McVoy    lm at mcvoy.com    http://www.mcvoy.com/lm
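
One way the length-prefixed Strcpy() suggested in the message above could look, as an added example that is not code from the thread or its participants: the lstr type, its 16-bit capacity and length header, and the function signatures are all assumptions. Recording the destination's capacity next to the length is what lets the copy refuse an oversized source instead of overrunning the buffer.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical layout: the header sits in the first bytes of the string. */
typedef struct {
    uint16_t cap;   /* bytes usable in data[], not counting the NUL */
    uint16_t len;   /* bytes currently stored */
    char data[];    /* kept NUL-terminated for interop with libc */
} lstr;

/* Allocate an empty string that can hold up to cap bytes. */
lstr *lstr_new(uint16_t cap) {
    lstr *s = calloc(1, sizeof *s + (size_t)cap + 1);
    if (s) s->cap = cap;
    return s;
}

/* Store n bytes from src. Returns 0, or -1 (dst untouched) if n > cap. */
int lstr_set(lstr *dst, const char *src, size_t n) {
    if (!dst || !src || n > dst->cap) return -1;
    memmove(dst->data, src, n);      /* memmove: src may alias dst */
    dst->data[n] = '\0';
    dst->len = (uint16_t)n;
    return 0;
}

/* Bounded copy: the length comes from the header, never from a NUL scan. */
int Strcpy(lstr *dst, const lstr *src) {
    if (!dst || !src) return -1;
    if (src->len > src->cap) return -1;   /* inconsistent header: refuse */
    return lstr_set(dst, src->data, src->len);
}

int main(void) {
    lstr *big = lstr_new(16), *small = lstr_new(4);
    if (!big || !small) return 1;
    lstr_set(big, "hello, world", 12);    /* constructed sample input */
    printf("12 bytes into cap 4: %d\n", Strcpy(small, big));
    lstr_set(big, "unix", 4);
    printf("4 bytes into cap 4: %d (%s)\n", Strcpy(small, big), small->data);
    free(big);
    free(small);
    return 0;
}
```

The length header alone only removes the scan for the terminating NUL; the refusal in lstr_set() depends on the destination carrying its own capacity.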