Linked by MOS6510 on Thu 10th Jan 2013 23:25 UTC
General Development "For years I've tried my damnedest to get away from C. Too simple, too many details to manage, too old and crufty, too low level. I've had intense and torrid love affairs with Java, C++, and Erlang. I've built things I'm proud of with all of them, and yet each has broken my heart. They've made promises they couldn't keep, created cultures that focus on the wrong things, and made devastating tradeoffs that eventually make you suffer painfully. And I keep crawling back to C."
Permalink for comment 548326
To read all comments associated with this story, please click here.
C == Security Exploits by design
by moondevil on Fri 11th Jan 2013 08:12 UTC
moondevil
Member since:
2005-07-08

The author is no doubt enthusiastic about C, but there are quite a few things he gets wrong.

At the time C was developed, even during the 80's, there were languages which had better compilation speeds like Turbo Pascal and Modula-2.

The UNIX guys also decided to ignore the languages of their time, which provided already better type checking than C does.

C main weakness:

- no modules
- no way to namespace identifiers besides 70's like hacks
- null terminated strings are a open door to security exploits
- the way arrays decay into pointers ditto
- weak type checking
- pointer aliasing forbids certain types of optimizations

C developers used to complain about Pascal type safety in the 80, but if you security conscious:

- Read MISRA C
- Enable all warnings as errors
- Use static analyzers as part of the build process

Funny enough with those steps C gets to be almost as safe as the Pascal family of languages.

C needs to get replaced for us to get better security, as well as its Objective-C and C++ descendants.

The latter do offer more secure language constructs, but they are undermined by the C constructs they also support.

Even Ritchie did recognize that C has a few issues:
http://cm.bell-labs.com/who/dmr/chist.html

If UNIX did not get copied in all universities all over the world in the early 80's, C would just be another language in history books.

Reply Score: 4