Mailinglist Archive: opensuse (1470 mails)

Re: [opensuse] Now what? Glibc bug, vulnerability
On 02/17/2016 08:50 AM, Anton Aylward wrote:
> On 02/17/2016 02:50 AM, Marcus Meissner wrote:
> This
> http://cafbit.com/entry/reinventing_software_for_security
> attributes many of the problems we have with 'memory' wrt security to
> the use of C and C++.
>

Yeah. Read another interesting article on the underlying problem last night and, having done some application development in a previous life, I agree wholeheartedly with the "C is the cause for most security vulnerabilities" thread. C (and its cousins) has (had?) no function length parameters built in. You have a 1024-byte buffer area and a C function that takes data up until it gets a null (or something) with nothing to tell it that there should be no more than 1024? Buffer overflow guaranteed, every time. Linux is created with C. Can you say potentially worse than Windows ever thought of being, security-wise?
IMHO, the only thing that has given Linux the perception of being so secure is the fact that with such a small installed desktop base it just hasn't been worth the effort to develop malicious code when attacking Windows is so much more lucrative. But those days are past. Android is (sorta) Linux and look at how it is attacked because it is the #1 OS on the planet. But, I digress ...
C is the problem.
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx
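
The copy-until-NUL pattern described in the message above, next to a version that is told the destination size, as an added example that is not part of the original post. The function names copy_unbounded, copy_bounded and demo_oversized are hypothetical, and the 2000-byte input is constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 1024   /* the 1024-byte buffer from the post */

/* Unbounded pattern: copies until the NUL in src with no knowledge of
 * how large dst is. Shown for contrast; only called with small input. */
static void copy_unbounded(char *dst, const char *src)
{
    while ((*dst++ = *src++) != '\0')
        ;
}

/* Bounded form: the caller passes the destination size. The copy stops
 * at dst_size - 1 bytes, always NUL-terminates, and reports truncation.
 * Returns 0 on a full copy, 1 if src was truncated, -1 on bad arguments. */
static int copy_bounded(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    size_t n = 0;
    while (n < dst_size - 1 && src[n] != '\0')
        n++;                              /* never counts past the buffer */
    int truncated = (src[n] != '\0');     /* input left over: did not fit */
    memcpy(dst, src, n);
    dst[n] = '\0';
    return truncated;
}

/* Constructed sample: a 2000-byte string aimed at the caller's buffer. */
static int demo_oversized(char *out, size_t out_size)
{
    char input[2001];
    memset(input, 'A', 2000);
    input[2000] = '\0';
    return copy_bounded(out, out_size, input);
}

int main(void)
{
    char buf[BUF_SIZE];
    copy_unbounded(buf, "short input fits");
    printf("unbounded, small input: %s\n", buf);
    int rc = demo_oversized(buf, sizeof buf);
    printf("bounded, 2000-byte input: rc=%d len=%zu\n", rc, strlen(buf));
    return 0;
}
```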
