From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=-0.8 required=5.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE autolearn=ham autolearn_force=no version=3.4.2 Received: from minnie.tuhs.org (minnie.tuhs.org [45.79.103.53]) by inbox.vuxu.org (OpenSMTPD) with ESMTP id 3ad4686b for ; Tue, 12 Nov 2019 22:54:53 +0000 (UTC) Received: by minnie.tuhs.org (Postfix, from userid 112) id 702419C158; Wed, 13 Nov 2019 08:54:52 +1000 (AEST) Received: from minnie.tuhs.org (localhost [127.0.0.1]) by minnie.tuhs.org (Postfix) with ESMTP id D68FB9BB79; Wed, 13 Nov 2019 08:54:40 +1000 (AEST) Received: by minnie.tuhs.org (Postfix, from userid 112) id 5CDCD9BB79; Wed, 13 Nov 2019 08:54:39 +1000 (AEST) Received: from viclamta11p.bpe.bigpond.com (viclamta11p.bpe.bigpond.com [203.38.21.75]) by minnie.tuhs.org (Postfix) with ESMTPS id 8688C9BB5B for ; Wed, 13 Nov 2019 08:54:38 +1000 (AEST) Received: from smtp.telstra.com ([10.10.26.4]) by viclafep11p-svc.bpe.nexus.telstra.com.au with ESMTP id <20191112225436.BAIL6826.viclafep11p-svc.bpe.nexus.telstra.com.au@smtp.telstra.com> for ; Wed, 13 Nov 2019 09:54:36 +1100 X-RG-Spam: Unknown X-RazorGate-Vade: gggruggvucftvghtrhhoucdtuddrgedufedrudeftddgtdegucetufdoteggodetrfdotffvucfrrhhofhhilhgvmecuuffpveftpgfvgffnuffvtfetpdfqfgfvnecuuegrihhlohhuthemucegtddtnecunecujfgurhepfffhvffujgfkfhgfgggtsehttddttddtredvnecuhfhrohhmpeffrghvvgcujfhorhhsfhgrlhhluceouggrvhgvsehhohhrshhfrghllhdrohhrgheqnecukfhppeduuddtrddugedurdduleefrddvfeefnecurfgrrhgrmhephhgvlhhopegrnhgvuhhrihhnrdhhohhrshhfrghllhdrohhrghdpihhnvghtpeduuddtrddugedurdduleefrddvfeefpdhmrghilhhfrhhomhepoegurghvvgeshhhorhhsfhgrlhhlrdhorhhgqedprhgtphhtthhopeeothhuhhhssehtuhhhshdrohhrgheqnecuvehluhhsthgvrhfuihiivgeptd X-RazorGate-Vade-Verdict: clean 0 X-RazorGate-Vade-Classification: clean X-RG-VS-CLASS: clean Received: from aneurin.horsfall.org (110.141.193.233) by smtp.telstra.com (5.8.418) id 5D8A79A30800F80B for tuhs@tuhs.org; Wed, 13 Nov 2019 09:54:36 +1100 Received: from aneurin.horsfall.org (localhost [127.0.0.1]) by aneurin.horsfall.org (8.15.2/8.15.2) with ESMTP id xACMsZqA000131 for ; Wed, 13 Nov 2019 09:54:35 +1100 (EST) (envelope-from dave@horsfall.org) Received: from localhost (dave@localhost) by aneurin.horsfall.org (8.15.2/8.15.2/Submit) with ESMTP id xACMsZuY000128 for ; Wed, 13 Nov 2019 09:54:35 +1100 (EST) (envelope-from dave@horsfall.org) X-Authentication-Warning: aneurin.horsfall.org: dave owned process doing -bs Date: Wed, 13 Nov 2019 09:54:35 +1100 (EST) From: Dave Horsfall To: The Eunuchs Hysterical Society In-Reply-To: <20191112221053.C2009156E80B@mail.bitblocks.com> Message-ID: References: <1573592179.5935.for-standards-violators@oclsc.org> <20191112221053.C2009156E80B@mail.bitblocks.com> User-Agent: Alpine 2.21.9999 (BSF 287 2018-06-16) X-GPG-Public-Key: http://www.horsfall.org/gpgkey.pub X-GPG-Fingerprint: 05B4 FFBC 0218 B438 66E0 587B EF46 7357 EF5E F58B X-Home-Page: http://www.horsfall.org/ X-Witty-Saying: "chmod 666 the_mode_of_the_beast" MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII; format=flowed Subject: Re: [TUHS] buffer overflow (Re: Happy birthday Morris worm X-BeenThere: tuhs@minnie.tuhs.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: The Unix Heritage Society mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: tuhs-bounces@minnie.tuhs.org Sender: "TUHS" On Tue, 12 Nov 2019, Bakul Shah wrote: > Unfortunately strcpy & other buffer overflow friendly functions are > still present in the C standard (I am looking at n2434.pdf, draft of > Sept 25, 2019). Is C really not fixable? No; POSIX requires all sorts of broken functions be present, otherwise it is not compliant; heck, last I looked it even requires gets(). And let's not even mention pointers... We are our own worst enemy.[*] All is not lost, though; use strncpy() instead of strcpy() etc. These days my first choice is Perl, despite it being bloated (I only use C if it's trivial or I need the speed). I must look at Ruby, though... [*] Of if you were a Pogo fan, "We have met the enemy, and he is us". -- Dave