Well, there's always Python or C#. It's REALLY hard to make mistakes in Python. You basically have to force the bullet towards your foot. They even automatically convert integers so they never overflow, for example. (Python 2.2.2 and beyond, anyways) Does anyone on this list have any connection with the GCC developers? When is StackGuard and -blip going to get integrated into the standard distribution?! What are we waiting on? Mono? Dave Aitel Immunity, Inc. Exploiting Secure Code 2nd Edition http://www.immunitysec.com/CANVAS/ On Wed, 29 Jan 2003 13:06:41 -0800 "Michael Howard" <mikehowat_private> wrote: > The point I'm making is people seem to think they can write crap code, > then bindly replace the calls to strcpy with strncpy and all of a > sudden their code is safe. It's not! You MUST validate the untrusted > data. Oh, and while you're at it - use 'safer' functions and compile > with a stack-smashing detection capability such as VC++'s -GS or > Crispin's StackGuard. > > Then run tools over the code that model data flow through the app - > just in case you missed something... > > A finally, have someone that understands this stuff review your code - > just in case you missed something... > > Just a small data item: whenever I ask a bunch of developers whether > you should accommodate for the trailing '\0' when determining the > buffer size in a call to strncpy or strncat, 50% say YES, and 50% say > NO... That means 50% are WRONG!! That's how buffer overruns occur... > > A stupid developer using 'safe' functions will produce stupid code!! > There's no replacement for education, discpline and skill I'm afraid. > > Cheers, Michael > Secure Windows Initiative > Writing Secure Code 2nd Edition > http://www.microsoft.com/mspress/books/5957.asp > > > -----Original Message----- > From: Hall, Philip [mailto:phallat_private] > Sent: Tuesday, January 28, 2003 8:01 PM > To: secprogat_private > > > Of course, the real way to build secure software is not to use > > "safe" functions, but to check data validity :-) > > Hang on, that sounds akin to not having locks (safe functions) on your > front door, but posting a guard (data validation) at the end of your > drive way...hmmmmm I think I'll stick to my eXtreme Defensive > Programming (XDP) and be paranoid about everything...unless you meant > that by *adding* the data validity to the 'safe' functions to beef > them up...? > > --phil > >
This archive was generated by hypermail 2b30 : Wed Jan 29 2003 - 15:42:10 PST