Dirk Gently said the following on 05/12/2012 03:43 PM:
This has been known since the release of the Morris Worm in 1987 (or was it 1988?), as the payload was delivered by abusing strcat() in every Sun or VAX which received tainted e-mail containing the payload.
I've been ranting on about buffer overflow for a couple of decades now, haranguing programming schools for not teaching how to avoid such egregious flaws as this and the use of inappropriate memory copy routines. Yes, you'd think by now they'd have learnt. Real Engineering, certainly the classes I attended in the 60s and 70s, used examples of classical failures and "Don't let me catch you doing anything stupid like this" -- and that was meant as a class of action, not a specific.

So why can't programming -- no way can you call it 'software engineering', despite what people like Steve McConnell [1] and James Moore [2] might wish -- learn from past mistakes by teaching students to avoid the classical mistakes early on? But no, teachers simply don't seem interested in teaching programming for the real world, just grammar, and, talking with many students from local community colleges and prospective hires, I find that the teachers use examples that have nothing to do with reliability, maintainability and correctness. The ideas that are norms in other fields of engineering, such as working from detailed specifications, seem anathema.

Many of us here were brought up in a MIL-SPEC (or similar) world where the subtext was that errors and omissions cost not just much $ but also lives, often catastrophically ("There's a big smoking hole in the ground and lots of people are dead!"). For the likes of us, the whole 'first to market and never mind the bugs' attitude is JUST PLAIN WRONG! Anyone who has been there when things go pear-shaped under fire knows that Miller [3] was wrong; "Two" is a distraction, never mind "five". Focus, focus, focus.

[1] Steve McConnell, "After the Gold Rush: Creating a True Profession of Software Engineering"; Microsoft, ISBN 0-7356-0877-6
[2] James Moore, "Software Engineering Standards: A User's Road Map"; IEEE Computer Society, ISBN 0-8186-8008-3
[3] Miller, G. A., "The magical number seven, plus or minus two: Some limits on our capacity for processing information". Psychological Review 63(2) (1956): pp. 81–97.

-- 
The use of COBOL cripples the mind; its teaching should, therefore, be regarded as a criminal offence. -- E.W. Dijkstra
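The "inappropriate memory copy routine" the post complains about, shown as an added example that is not code from the post or from the list: an unbounded strcat() append beside a bounded append that is told the real size of the destination and refuses to write past it. The function names, the 16-byte buffer and the sample names are all constructed for this illustration.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Length of s, never scanning more than cap bytes, so a buffer that has
   lost its NUL terminator cannot make us read past its end. */
static size_t bounded_len(const char *s, size_t cap)
{
    size_t n = 0;
    while (n < cap && s[n] != '\0')
        n++;
    return n;
}

/* The unbounded form (the classic flaw): strcat() has no idea how big
   dst is, so any src longer than the space left after dst's current
   contents is written past the end of dst. Shown for contrast only;
   nothing in this file calls it. */
void append_unbounded(char *dst, const char *src)
{
    strcat(dst, src);
}

/* The bounded form: the caller states the real size of dst and the
   routine refuses, leaving dst unchanged, instead of overflowing.
   Returns 0 when src and its terminating NUL fit, -1 otherwise. */
int append_bounded(char *dst, size_t dstsize, const char *src)
{
    if (dst == NULL || src == NULL || dstsize == 0)
        return -1;
    size_t used = bounded_len(dst, dstsize);
    if (used == dstsize)            /* dst is not NUL-terminated: refuse */
        return -1;
    size_t need = strlen(src);
    if (need > dstsize - used - 1)  /* no room for src plus its NUL */
        return -1;
    memcpy(dst + used, src, need + 1);
    return 0;
}

/* Build "Hello, <name>!" into a caller-supplied buffer of known size.
   Returns 0 on success; on -1 the buffer is left empty, not half-filled. */
int build_greeting(char *out, size_t outsize, const char *name)
{
    if (out == NULL || outsize == 0)
        return -1;
    out[0] = '\0';
    if (append_bounded(out, outsize, "Hello, ") == 0 &&
        append_bounded(out, outsize, name) == 0 &&
        append_bounded(out, outsize, "!") == 0)
        return 0;
    out[0] = '\0';
    return -1;
}

int main(void)
{
    char buf[16];                                    /* deliberately small */
    const char *names[] = { "Bob", "Bartholomew" };  /* constructed input */
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++) {
        if (build_greeting(buf, sizeof buf, names[i]) == 0)
            printf("ok:      \"%s\"\n", buf);
        else
            printf("refused: \"%s\" does not fit in %zu bytes\n",
                   names[i], sizeof buf);
    }
    return 0;
}
```

The design point is that the size check lives with the copy and the caller cannot forget it: append_bounded() cannot be called without a size, and it fails closed (no write at all) rather than truncating silently, which is the behaviour you want when the buffer's contents will later be trusted.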