Mailinglist Archive: opensuse (1470 mails)

< Previous Next >
Re: [opensuse] Now what? Glibc bug, vulnerability
On 02/18/2016 07:47 AM, Ruben Safir wrote:
On 02/17/2016 11:12 AM, Stevens wrote:

Yeah. Read another interesting article on the underlying problem last
night and, having done some application development in a previous life,
I agree wholeheartedly with the "C is the cause for most security
vulnerabilities" thread.

No. Actually, it is not so easy to overrun a buffer on a modern OS, but
putting that aside, there are many times the checking for a memory size
is detrimental to the softwares function, especially in video and games.

You can't blame the programming language for the stupidity of the
programmer. the reason C is the goto language for all things important
is because it is powerful. It is. And that power is felt in the hands
of the coder.

Ruben


Very true. It's like putting a professional tennis racket in the hands of someone who played pee-wee tennis once. They're going to lose control of it and make themselves look foolish. C and C++ are running at a very low level and take advantage of the hardware better than say, Haskell or Rust or Python. Python is not as fast of a running language as C++ (and Java always was slow for me) but processors are so fast these days that the user barely notices the difference. I've also read about compiler bugs and bugs in the bytecode interpreter for those higher-level languages, so it's not like they are totally immune to security bugs just because there's a bytecode interpreter.

sdm
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx

< Previous Next >
References