Linked by Thom Holwerda on Thu 23rd May 2013 23:22 UTC
X11, Window Managers
"Ilja van Sprundel, a security researcher with IOActive, has discovered a large number of issues in the way various X client libraries handle the responses they receive from servers, and has worked with X.Org's security team to analyze, confirm, and fix these issues."
RE[8]: Overflowing
by sakeniwefu on Fri 24th May 2013 15:00 UTC in reply to "RE[7]: Overflowing"
sakeniwefu Member since:
2008-02-26


Truth is, that C++ standard library offers ways to do safe programming and modern C++ is quite good, but there are still many companies out there that forbid modern C++ practices. ;)

At that point can you really say use this or that language to solve your problems?
The main thing I have learnt from the C programming language is that I could be doing the same things as the last language of the week, only in a more regular and deterministic way - and if I am not, it's probably for a good reason.
C is not perfect (as of C11 threading solutions still suck), but all other languages are substantially and provably inferior.
You can pass messages and duck-type in C89. You can have as many first-class functions as you wish. You can bound-check, garbage-collect, auto-release, and optimize your tails.
On the other hand, you can't do any of what C is good at in "first-class function" or "OOP" languages.
Frankly, I don't think any language could do better than C, given that users of other languages consider security to equal buffer overflow prevention.
Most web site defacements involve password files stored in plain text and accessible from Google.

Reply Parent Score: 2

RE[9]: Overflowing
by Alfman on Fri 24th May 2013 15:35 in reply to "RE[8]: Overflowing"
Alfman Member since:
2011-01-28

sakeniwefu,

"C is not perfect(as of C11 threading solutions still suck), but all other languages are substantially and provably inferior."

I'm very interested in seeing how you're going to go about proving it ;)


"Frankly, I don't think any language could do better than C, given that users of other languages consider security to equal buffer overflow prevention."

Buffer overflows are such a serious problem with C code that we've had to invent hacks like ASLR just to try to limit the circumstances in which the buffer overflow bugs are exploitable.


"Most web site defacements involve password files stored in plain text and accessible from Google."


Do you have examples of plain text password files accessible from Google? If you had asked me, I would have said XSS and SQL injection. ... If websites were programmed in C, buffer overflows would be right at the top ;)

Edited 2013-05-24 15:39 UTC

Reply Parent Score: 2

RE[10]: Overflowing
by moondevil on Fri 24th May 2013 17:06 in reply to "RE[9]: Overflowing"
moondevil Member since:
2005-07-08

"If websites were programmed in C, buffer overflows would be right at the top"


But they were in the early days of the Web!

Do you remember CGIs in C, application servers as apache modules, ISAPI and ATL Server?

Tracking down pointer issues in those days with the customers shouting to technical support wasn't fun.

Reply Parent Score: 3

RE[9]: Overflowing
by moondevil on Fri 24th May 2013 17:02 in reply to "RE[8]: Overflowing"
moondevil Member since:
2005-07-08

"C is not perfect (as of C11 threading solutions still suck), but all other languages are substantially and provably inferior.
You can pass messages and duck-type in C89. You can have as many first-class functions as you wish. You can bound-check, garbage-collect, auto-release, and optimize your tails."


In which ANSI/ISO paragraphs are those features defined?

Reply Parent Score: 2