From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=-0.8 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,HTML_MESSAGE,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=ham autolearn_force=no version=3.4.2 Received: from minnie.tuhs.org (minnie.tuhs.org [45.79.103.53]) by inbox.vuxu.org (OpenSMTPD) with ESMTP id dba7ad49 for ; Wed, 13 Nov 2019 01:44:17 +0000 (UTC) Received: by minnie.tuhs.org (Postfix, from userid 112) id 5D2309C6B7; Wed, 13 Nov 2019 11:44:16 +1000 (AEST) Received: from minnie.tuhs.org (localhost [127.0.0.1]) by minnie.tuhs.org (Postfix) with ESMTP id F3D959C112; Wed, 13 Nov 2019 11:43:46 +1000 (AEST) Authentication-Results: minnie.tuhs.org; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="fNbv8NIy"; dkim-atps=neutral Received: by minnie.tuhs.org (Postfix, from userid 112) id 08A589BB79; Wed, 13 Nov 2019 11:43:44 +1000 (AEST) Received: from mail-vs1-f50.google.com (mail-vs1-f50.google.com [209.85.217.50]) by minnie.tuhs.org (Postfix) with ESMTPS id 4F6A19BB5B for ; Wed, 13 Nov 2019 11:43:43 +1000 (AEST) Received: by mail-vs1-f50.google.com with SMTP id x21so272970vsp.6 for ; Tue, 12 Nov 2019 17:43:43 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=JIs+NbYQ/k5flPS+jyCR5YooOhI1908mFYE8JVz2N08=; b=fNbv8NIyJUiGnFKweVTCTV6A5yIETvoIpZx6x/Xd5Y4FKe83/f5IcRe2ZDDg9cMADD bfVhlvBUi+2rhxbRyjfB7dbjsFiL0pQP17O4YyEVdaHqSulFvVGkJ4l/6hXHBt0aHH0x ylv89aUPduVC/kz7GPWW5zKp0K5uiP+Ox9aCw8TqhN51Ah4YNDjWU+3E3zz+QrcYADlf 7t8hSWfht1Kxag/QC30xRb4zpyeI+nf1XJGuzbf9aiuVkW8mbRZAKDVcphVEk1L/SYrE z3zC9DxOgUqEmLgjVBNJ/Zoo8hkbhn3VzFoKlb4X36xNU+dJAxfbxb9AQhpdgblzY2Hw Ka6w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=JIs+NbYQ/k5flPS+jyCR5YooOhI1908mFYE8JVz2N08=; b=APcC3KobnuxlqH13SQjPbAyHBAlVwy5tRVQvg04o7ktTHu9879eDplE8P0lgyAa6R/ 5MI07vs2/SoVehIxsCthG2kq22rAjy8PeyKAUtHRsN58fq2IdujxOAyHvOv5lA2k7t4Y nGdZZ7yTtqhrjVqXtlnDJx0dnnIIm5OPFa815aN1UlWoBLfD+hRrHWg5+INKNy1zAT8c u728csFGGDqdYgGaTZkNJ5d0rca1a731ORiDITXMqk7PgPCK13CtPpZjIHcwbp9oy19/ Pg1b0/hNMkPHVfXDrCgdsi0c4DMCa/dCne/gmNNdwq6iuhGiLgjDiUC/hCjTf2iJcss7 NRKw== X-Gm-Message-State: APjAAAW7wzlh5fpolW7VzvWvElyIcmKdj0fR/hEtjYKDjFNxOIOZA8pI Z0XCsK0A/V4xt92fA9fr0LalQIvGNzKSF21teYXkLQ== X-Google-Smtp-Source: APXvYqynynv1qHy1Y9pZxfV5nn0vWfUJtwNb2W9u8VDKyhFZJe/EJzSgT753guSoHhGs7otuITsG2BsRjqSfNgC5na0= X-Received: by 2002:a05:6102:22eb:: with SMTP id b11mr477169vsh.52.1573609422241; Tue, 12 Nov 2019 17:43:42 -0800 (PST) MIME-Version: 1.0 References: <1573598358.7551.for-standards-violators@oclsc.org> In-Reply-To: <1573598358.7551.for-standards-violators@oclsc.org> From: "John P. Linderman" Date: Tue, 12 Nov 2019 20:43:30 -0500 Message-ID: To: Norman Wilson Content-Type: multipart/alternative; boundary="000000000000a0c53c0597307e21" Subject: Re: [TUHS] buffer overflow (Re: Happy birthday Morris worm X-BeenThere: tuhs@minnie.tuhs.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: The Unix Heritage Society mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: The Eunuchs Hysterical Society Errors-To: tuhs-bounces@minnie.tuhs.org Sender: "TUHS" --000000000000a0c53c0597307e21 Content-Type: text/plain; charset="UTF-8" Lorinda Cherry told me that that RTM (senior) used to test people's programs by feeding them to themselves as input, a.out < a.out. It helped cure people of the assumption that a program would only see "reasonable" inputs. On Tue, Nov 12, 2019 at 5:40 PM Norman Wilson wrote: > Bakul Shah: > > Unfortunately strcpy & other buffer overflow friendly > functions are still present in the C standard (I am looking at > n2434.pdf, draft of Sept 25, 2019). Is C really not fixable? > > ==== > > If you mean `can C be made proof against careless programmers,' > no. You could try but the result wouldn't be C. And Flon's > Dictum applies anyway, as always. > > It's perfectly possible to program in C without overflowing > fixed buffers, just as it's perfectly possible to program in > C without dereferencing a NULL or garbage pointer. I don't > claim to be perfect, but before the rtm worm rubbed my nose > in such problems, I was often sloppy about them, and afterward > I was very much aware of them and paid attention. > > That's all I ask: we need to pay attention. It's not about > tools, it's about brains and craftmanship and caring more > about quality than about feature count or shiny surfaces > or pushing the product out the door. > > Which is a good bit of what was attractive about UNIX in > the first place--that both its ideas and its implementation > were straightforward and comprehensible and made with some > care. (Never mind that it wasn't perfect either.) > > Too bad software in general and UNIX descendants in particular > seem to have left all that behind. > > Norman Wilson > Toronto ON > > PS: if you find this depressing, cheer yourself up by watching > the LCM video showing off UNICS on the PDP-7. I just did, and > it did. > --000000000000a0c53c0597307e21 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Lor= inda Cherry told me that that RTM (senior) used to test people's progra= ms by feeding them to themselves as input, a.out < a.out. It helped cure= people of the assumption that a program would only see "reasonable&qu= ot; inputs.

On Tue, Nov 12, 2019 at 5:40 PM Norman Wilson <norman@oclsc.org> wrote:
Bakul Shah:

=C2=A0 Unfortunately strcpy & other buffer overflow friendly
=C2=A0 functions are still present in the C standard (I am looking at
=C2=A0 n2434.pdf, draft of Sept 25, 2019). Is C really not fixable?

=3D=3D=3D=3D

If you mean `can C be made proof against careless programmers,'
no.=C2=A0 You could try but the result wouldn't be C.=C2=A0 And Flon= 9;s
Dictum applies anyway, as always.

It's perfectly possible to program in C without overflowing
fixed buffers, just as it's perfectly possible to program in
C without dereferencing a NULL or garbage pointer.=C2=A0 I don't
claim to be perfect, but before the rtm worm rubbed my nose
in such problems, I was often sloppy about them, and afterward
I was very much aware of them and paid attention.

That's all I ask: we need to pay attention.=C2=A0 It's not about tools, it's about brains and craftmanship and caring more
about quality than about feature count or shiny surfaces
or pushing the product out the door.

Which is a good bit of what was attractive about UNIX in
the first place--that both its ideas and its implementation
were straightforward and comprehensible and made with some
care.=C2=A0 (Never mind that it wasn't perfect either.)

Too bad software in general and UNIX descendants in particular
seem to have left all that behind.

Norman Wilson
Toronto ON

PS: if you find this depressing, cheer yourself up by watching
the LCM video showing off UNICS on the PDP-7.=C2=A0 I just did, and
it did.
--000000000000a0c53c0597307e21--