Re: EMERGENCY: new remote root exploit in UW imapd

From: D. J. Bernstein (djbat_private)
Date: Wed Jul 29 1998 - 02:50:48 PDT

    Here's an example of the Dijkstra phenomenon.
    
    Say you're auditing a system for security, and you bump into a call to
    accounting(). You search for the definition of accounting(), and find
    that it's a short routine that starts by calling logwtmp(). You growl at
    the screen, and search for logwtmp(), and eventually find that it's a
    ten-line routine in libutil. Now you check that the code is secure.
    
    ``That was a tremendous waste of time,'' you say. ``I was completely
    unproductive while I was looking for these dinky little accounting() and
    logwtmp() functions. I could have used that time to read more code!''
    
    You continue your audit. You bump into logwtmp() again, and check it
    again. Then you see accounting() again, which leads you to logwtmp()...
    but this time you remember what it does, and you don't have to read it.
    After this happens several times, you finally see the light.
    
    ``Aha. Modularization saved me time after all,'' you say. ``The bottom
    line is that there's less code for me to read. If the library code had
    been copied rather than reused, I would have had to check every copy. I
    would have read more code but not accomplished as much.''
    
    der Mouse writes:
    > modular code usually ends up being slower
    
    There are three misconceptions here.
    
    Misconception #1 is that modularization means moving common code into
    subroutines. In fact, modularization need not have any effect on the
    compiled program, thanks to macros, inline code, etc. Subroutines are
    convenient but not required.
    
    Misconception #2 is that moving common code into subroutines imposes a
    speed penalty. In fact, procedure-call overhead is wiped out by cache
    effects in any subroutine that does more than a little bit of work.
    
    Misconception #3 is that speed is something programmers should consider
    along with security, verifiability, etc. In fact, the computer spends
    almost all of its time executing an amazingly small amount of code. For
    most programmers, speed simply doesn't matter.
    
    ---Dan
    Binary qmail distributions are allowed! http://pobox.com/~djb/qmail/dist.html
    


