Re: safe strcpy()?

From: Dave Aitel (daveat_private)
Date: Wed Jan 29 2003 - 13:25:02 PST


    Well, there's always Python or C#. It's REALLY hard to make mistakes in
    Python. You basically have to force the bullet towards your foot. They
    even automatically convert integers so they never overflow, for example.
    (Python 2.2.2 and beyond, anyways)
    
    Does anyone on this list have any connection with the GCC developers?
    When is StackGuard and -blip going to get integrated into the standard
    distribution?! What are we waiting on? Mono?
    
    
    Dave Aitel
    Immunity, Inc.
    Exploiting Secure Code 2nd Edition
    http://www.immunitysec.com/CANVAS/
    
    
    
    On Wed, 29 Jan 2003 13:06:41 -0800
    "Michael Howard" <mikehowat_private> wrote:
    
    > The point I'm making is people seem to think they can write crap code,
    > then blindly replace the calls to strcpy with strncpy and all of a
    > sudden their code is safe. It's not! You MUST validate the untrusted
    > data. Oh, and while you're at it - use 'safer' functions and compile
    > with a stack-smashing detection capability such as VC++'s -GS or
    > Crispin's StackGuard. 
    > 
    > Then run tools over the code that model data flow through the app -
    > just in case you missed something...
    > 
    > And finally, have someone that understands this stuff review your code -
    > just in case you missed something...
    > 
    > Just a small data item: whenever I ask a bunch of developers whether
    > you should accommodate for the trailing '\0' when determining the
    > buffer size in a call to strncpy or strncat, 50% say YES, and 50% say
    > NO... That means 50% are WRONG!! That's how buffer overruns occur...
    > 
    > A stupid developer using 'safe' functions will produce stupid code!!
    > There's no replacement for education, discipline and skill I'm afraid. 
    > 
    > Cheers, Michael
    > Secure Windows Initiative
    > Writing Secure Code 2nd Edition
    > http://www.microsoft.com/mspress/books/5957.asp
    > 
    > 
    > -----Original Message-----
    > From: Hall, Philip [mailto:phallat_private] 
    > Sent: Tuesday, January 28, 2003 8:01 PM
    > To: secprogat_private
    > 
    > > Of course, the real way to build secure software is not to use
    > > "safe" functions, but to check data validity :-)
    > 
    > Hang on, that sounds akin to not having locks (safe functions) on your
    > front door, but posting a guard (data validation) at the end of your
    > driveway...hmmmmm I think I'll stick to my eXtreme Defensive
    > Programming (XDP) and be paranoid about everything...unless you meant
    > that by *adding* the data validity to the 'safe' functions to beef
    > them up...?
    > 
    > --phil
    > 
    > 
    
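The trailing-'\0' accounting that Michael's 50/50 poll is about, shown as an added C example (not code from any of the posters): the usual strncpy misuse that can leave the destination unterminated, next to a copy that reserves the terminator byte, plus the strncat rule that n is the room left to append, not the buffer size. The 8-byte buffer and the input strings are constructed for the demonstration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* The common mistake: n = the whole buffer size. When strlen(src) >=
 * dst_size, strncpy fills dst completely and writes NO terminator, so the
 * next strlen/printf on dst runs off the end. Returns true only if dst
 * ended up NUL-terminated inside the buffer. */
bool copy_naive(char *dst, size_t dst_size, const char *src) {
    strncpy(dst, src, dst_size);
    return memchr(dst, '\0', dst_size) != NULL;
}

/* Correct accounting: one byte is reserved for '\0' and it is always
 * written. Returns true if src fit, false if it had to be truncated
 * (truncation is reported, never silent). */
bool copy_checked(char *dst, size_t dst_size, const char *src) {
    if (dst_size == 0) return false;          /* nowhere to put a terminator */
    size_t len = strlen(src);
    if (len >= dst_size) {
        memcpy(dst, src, dst_size - 1);
        dst[dst_size - 1] = '\0';
        return false;
    }
    memcpy(dst, src, len + 1);                /* includes src's '\0' */
    return true;
}

/* strncat's n counts characters to APPEND; the terminator is written on
 * top of that, so the right n is dst_size - strlen(dst) - 1.
 * Returns true if all of src was appended, false on truncation or if
 * dst is not already terminated within dst_size. */
bool append_checked(char *dst, size_t dst_size, const char *src) {
    const char *end = memchr(dst, '\0', dst_size);
    if (end == NULL) return false;            /* dst is not a valid string */
    size_t room = dst_size - (size_t)(end - dst) - 1;
    strncat(dst, src, room);
    return strlen(src) <= room;
}

int main(void) {
    char buf[8];                              /* constructed: 7 chars + '\0' */
    printf("naive, 10-char input terminated? %d\n",
           copy_naive(buf, sizeof buf, "0123456789"));      /* 0 */
    printf("checked fit? %d -> \"%s\"\n",
           copy_checked(buf, sizeof buf, "0123456789"), buf); /* 0 -> 0123456 */
    copy_checked(buf, sizeof buf, "abc");
    printf("append fit? %d -> \"%s\"\n",
           append_checked(buf, sizeof buf, "defgh"), buf);  /* 0 -> abcdefg */
    return 0;
}
```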



    This archive was generated by hypermail 2b30 : Wed Jan 29 2003 - 15:42:10 PST