Mailinglist Archive: opensuse (1470 mails)

Re: [opensuse] Buffer overflow [Was: experiences with bache / logic of caching]
On 2016-02-14 23:26, Anton Aylward wrote:
> I do wonder, however, just how much mistakes like this are taught
> in CS courses? I've noted many times that the #1 and #1
> vulnerabilities in the SANS Top 20 list, SQL Injection and Buffer
> Overflow, have been around for more than 20 years. Buffer
> Overflow, if you recall, was the root cause of the Morris Worm of
> 1988 which took down an appreciable part of the
> Internet-as-it-then-was. My point here is that when I interview
> new intakes of programmers or even talk with ones who've been
> working for my client for some years, even the ones that are aware
> of these tell me their schools & college courses never mentioned
> them.

Mine did.

The teacher repeated several times how dangerous and bad a language was
the C that he was teaching us. Took pains to stress the point. I think
we even practised how one variable would overflow and write another
variable.

Is this an error? - He would ask. - Yes.
Is it bad? Yes.
Is it dangerous? Yes.
Will the compiler tell us? No.

Me, I would add: Will the runtime whatever tell us? No.

--
Cheers / Saludos,

Carlos E. R.

(from 13.1 x86_64 "Bottle" (Minas Tirith))
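
An added example, not part of the original message: the classroom exercise described above, one variable overflowing into its neighbour with no complaint from the compiler or the runtime, next to a length-checked copy. The `struct account` layout, the function names and the input bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed layout: an 8-byte buffer with a flag stored right after it. */
struct account {
    char name[8];
    unsigned char is_admin;
};

/* Unchecked copy: trusts len, as a strcpy-style bug would. The write goes via a
 * byte pointer to the whole struct; callers keep len <= sizeof(struct account). */
static void set_name_unchecked(struct account *a, const char *src, size_t len)
{
    memcpy((unsigned char *)a + offsetof(struct account, name), src, len);
}

/* Checked copy: refuses input that does not fit and leaves the record alone. */
static int set_name_checked(struct account *a, const char *src, size_t len)
{
    if (len >= sizeof a->name)
        return -1;
    memcpy(a->name, src, len);
    a->name[len] = '\0';
    return 0;
}

/* Constructed input: 8 filler bytes plus one byte that lands on is_admin. */
static const char INPUT[] = "AAAAAAAA\x01";

static int flag_after_unchecked(void)
{
    struct account a = { "", 0 };
    set_name_unchecked(&a, INPUT, 9);
    return a.is_admin;          /* the neighbour was silently rewritten */
}

static int flag_after_checked(void)
{
    struct account a = { "", 0 };
    int rc = set_name_checked(&a, INPUT, 9);
    return rc == -1 ? a.is_admin : -2;   /* rejected, flag untouched */
}

int main(void)
{
    printf("unchecked: is_admin=%d\n", flag_after_unchecked());
    printf("checked:   is_admin=%d\n", flag_after_checked());
    return 0;
}
```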
