Re: EMERGENCY: new remote root exploit in UW imapd

From: Craig Spannring (ctsat_private)
Date: Tue Jul 21 1998 - 15:00:19 PDT

Next message: IBS / Andre Oppermann: "Re: EMERGENCY: new remote root exploit in UW imapd"

Previous message: Brett Glass: "Re: Bounds checking - historical aside"
Maybe in reply to: Anonymous: "EMERGENCY: new remote root exploit in UW imapd"
Next in thread: IBS / Andre Oppermann: "Re: EMERGENCY: new remote root exploit in UW imapd"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Kragen writes:
 >
 > I've heard that bounds-checking typically increases the time to do
 > things by 30-50%.  The bounds-checking egcs people are optimistic that
 > this can be reduced.  Even so, it's much smaller than the variance
 > introduced by different degrees of optimization and efficient
 > design.

Since C was never designed to do bounds checking it will be hard to
retrofit it efficiently.

Other languages such as Ada have a much easier time.  For instance if
you compile the following program with gnat the compiler figures out
that no array bounds checking is needed and you take a 0% performance
hit.

  with Ada.Text_Io; use Ada.Text_Io;
  with Ada.Integer_Text_Io; use Ada.Integer_Text_Io;
  procedure Foo is

    type My_Index is range -10..10;
    type My_Array is array(My_index) of Integer;

    A: My_Array;
    function Sum(Arr: in My_Array) return Integer is
       Result: Integer := 0;
    begin
       for I in My_Index loop
          Result := Result + Arr(I);
       end loop;
       return Result;
    end Sum;

    T: Integer;
    begin
       for I in My_Index loop
          Put("Input a number ");
          Get(A(I));
       end loop;
       Put("The sum is "); Put(Sum(A)); New_Line;
    end Foo;

In fact the gnat people say that the assembly output is almost
identical to what gcc would produce with an equivalent C program.

I haven't written a lot of Ada code and none professionally, but I did
play around writing the bootstrap code for a PC once.  The boot strap
code needs to fit into the first 7K of a floppy and that's not a lot
of space.  If the code had raised any exceptions the required runtime
exception functions would not have fit in the space allowed.

It was the code size I had to worry about, not the speed, but in this
case being able to show that I wasn't taking a code size hit also
showed that I wasn't taking a performance hit either.

--
=======================================================================
 Life is short.                  | Craig Spannring
      Ski hard, Bike fast.       | ctsat_private
 --------------------------------+------------------------------------
 Any sufficiently perverted technology is indistinguishable from Perl.
=======================================================================

Next message: IBS / Andre Oppermann: "Re: EMERGENCY: new remote root exploit in UW imapd"
Previous message: Brett Glass: "Re: Bounds checking - historical aside"
Maybe in reply to: Anonymous: "EMERGENCY: new remote root exploit in UW imapd"
Next in thread: IBS / Andre Oppermann: "Re: EMERGENCY: new remote root exploit in UW imapd"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:07:09 PDT